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Abstract 

Introduced by Dal Lago and Hofmann, quantitative realizability is a technique 
used to define models for logics based on Multiplicative Linear Logic. A partic- 
ularity is that functions are interpreted as bounded time computable functions. 
It has been used to give new and uniform proofs of soundness of several type 
systems with respect to certain time complexity classes. We propose a refor- 
mulation of their ideas in the setting of Krivine's classical realizability. The 
framework obtained generalizes Dal Lago and Hofmann's realizability, and re- 
veals deep connections between quantitative realizability and a linear variant of 
Cohen's forcing. 



1. Introduction 

Ever since its introduction by J.L Krivine [l2|, the theory of classical real- 
izability has raised a growing interest. Initially designed to study the compu- 
tational content of classical proofs through the Curry-Howard correspondence, 
it has led to promising results in various fields. One could mention the recent 
advances [l5| made by Krivine in the elaboration of new models of the ZF ax- 
iomatic set theory. Another success has been its use to define and justify a 
classical extraction procedure for the proof assistant Coq [2l[ . 

Forcing — Forcing is a technique designed by Cohen [3| to prove the 
independence of the Continuum Hypothesis (CH) from ZFC. The idea is to 
define a formula transformation which turns every formula A into a new one 
noted p lh A, where p is a forcing condition. By choosing a suitable set of forcing 
conditions, one can prove the statement p II — >CH. It has been recently shown 



by Krivine |14[ that combining classical realizability and forcing is possible. 
This construction can be seen as a generalization of forcing iteration and makes 
possible a study of forcing through the Curry-Howard isomorphism: Krivine 
has shown that the forcing technique not only provides a logical translation but 
also a program transformation. Following that work, Miquel [22[ has introduced 
an abstract machine (the Krivine Forcing Abstract Machine, or KFAM) that 
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internalizes the computational behavior of programs obtained via this transfor- 
mation. One remarkable feature of this machine is that it provides sophisticated 
programming features like memory cells or program execution tracing. 



Resource sensitive realizability — Rcalizability techniques have also 
been fruitfully applied to implicit complexity. This research field aims at provid- 
ing machine-independent characterizations of complexity classes (such as poly- 
nomial time or logspace functions). One of the possible approaches is to use 
linear logic based type systems to constrain programs enough so that they en- 
joy bounded-time normalization properties. Proving these properties can be 
achieved using semantic techniques. Following different works 0, [loj], Dal Lago 
and Hofmann have introduced in [l8j a quantitative (another word for resource 
sensitive) framework based on Kleene realizability One of the crucial ideas 
behind Dal Lago and Hofmann's work is to consider bounded-time A-terms as 
realizcrs. Bounds are described using elements of a resource monoid. No mat- 
ter what resource monoid is chosen, their framework always yields a model of 
second-order Multiplicative Affinc Logic (MAL). Various systems extending 
MAL arc then dealt with by choosing a suitable resource monoid, while the 
basic realizability constructions are unchanged. This work has offered new and 
uniform proofs of the soundness theorems for LAL, EAL, SAL and BLL with 
respect to the associated complexity classes [3, EH ■ In , Terui and the 
author gave a new characterization of the complexity class FP (the functions 
computable in polynomial time) and used a variant of Dal Lago and Hofmann's 
realizability to show the soundness part of this result. 



The present work aims at applying methodology and tools coming from 
classical realizability to generalize the framework proposed by Dal Lago and 
Hofmann, and to reveal deep connections between quantitative realizability and 
forcing techniques. 



Quantitative classical realizability — We propose a new quantitative 
framework, based on Munch's classical realizability for focalising system L (or 
L/oc) US], a term calculus for classical logic LC [§]. We extend this realiz- 
ability using the notion of quantitative monoid, which derives from the resource 
monoid structure introduced by Dal Lago and Hofmann. We show that, what- 
ever the quantitative monoid, this framework always gives rise to a model of the 
Multiplicative Affine fragment of Higher-order Classical Arithmetic (abbrevi- 
ated MALw). By choosing different quantitative monoids, we obtain models of 
logics extending MALw . Because all resource monoids in the sense of [l8| are 
also quantitative monoids, we can in principle obtain models for all the systems 



treated in [l7|,ll8|, although we only exhibit a model of Soft Affine Logic (SAL) 
1- 



Quantitative reducibility candidates — By carefully setting param- 
eters of classical realizability, one can retrieve the notion of reducibility can- 
didates (presented using orthogonality, as in 0, [III 0, HEf ) , which is used to 
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prove normalization properties. Similarly, in our setting, we are able to define a 
quantitative extension of this technique, which we call quantitative reducibility 
candidates. It allows us to semantically prove complexity properties of programs 
that are typable in the logic we interpret. Moreover, because we work with a 
term calculus which generalizes both call-by-name and call-by-value classical 
A-calculi, these complexity properties are transferred for free to these calculi. 
Hence, we are able to retrieve and generalize the bounded-time termination re- 
sults proved in [H H] . 



A forcing decomposition — Quantitative classical realizability is deeply 
connected with a certain notion of forcing, which we propose to study. We for- 
malize inside MALw a forcing transformation on Multiplicative Linear Logic 
(MAL) formulas, called linear forcing. Then, following Miquel's methodology 



22|, we propose an abstract machine designed to execute programs obtained 



by a specific linear forcing instance. A connection lemma is proved, which 
shows that composing this instance of linear forcing with a non-quantitative 
realizability built upon this machine always yields a quantitative realizability 
model. Finally, using this result, we show how quantitative reducibility can- 
didates (restricted to MAL) arise from the composition of usual reducibility 
candidates with forcing. 



Outline — Sections [2] and [3] introduce MALw and its quantitative realiz- 
ability interpretation. The model of quantitative reducibility candidates is then 
defined and used to prove a bounded time termination property of MALw . In 
section [31 we show by taking SAL as an example that this interpretation and 
the corresponding complexity result can be extended to larger type systems. 
Finally, we introduce in section [5] the linear forcing interpretation of MAL and 
prove the accompanying decomposition results. 



2. The calculus 

In this section, we describe the system MALcj. It is based on the MAL type 
system for Munch's focalising system L [23[, extended with higher-order quan- 
tifications and arithmetical operations. Logically, it is a fragment of classical 
higher-order Peano arithmetic (abbreviated by PAcj). The syntax of MALcj is 
divided in three distinct layers: the terms, the type constructors and the kinds. 
The language of terms, which we shall use to express both proof-terms and 
realizcrs, is based on the multiplicative fragment of L/ oc , extended with extra 
instructions. The type constructors layer is an adaptation of the higher-order 



terms syntax of PAw [22| to linear logic: it can be seen as a combination of 
the languages of PAcj and classical Fui . Finally, kinds are used as a simple 
type system for type constructors. 



2.1. Term syntax 

In what follows, positive variables and negative variables are respectively 
written x,y,z, . . . and a, /3, 7, We use the symbols k, k! , . . . to denote both 
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positive and negative variables. In the term syntax of L/ oc , in addition to 
variables, six syntactic categories are defined: values, positive values, positive 
terms, negative terms, terms and commands: 



variables k, k' 

values V 

positive values V+ 

positive terms t + 

negative terms t- 

terms t, u 

commands c 



a | x 

V+ I i_ 

x\(V,V')\ {V}\k + (k + e>C + ) 
V+ I fia.c 

a | jU(K, k').c I fi{n}.c | fix.c | fc_ (fe_ e /C_) 

*- I *+ 

(M*-) 



where /x(k, k').c is not defined if k — k' . Moreover terms are always considered 
modulo a-cquivalcncc. We also make an identification between the commands 
(t 1 11) and (u\t). Finally, we associate to every term t its polarity 7r(t) G { — , +} 
as follows: 

+ if t is a positive term 
— if t is a negative term 

Remarks 1. 



Notice that in the definition of the pair construct (V,V), V and V can 
be values of arbitrary polarity (that is, positive or negative). We could 
have made the choice of restricting a pair to positive values. This would 
not be problematic since we still could used {.} to change the polarity of 
values from negative to positive before putting them into a pair. 
The term {V} can be seen as a one-tuple and is here to give the possibility 
of turning a negative term into a positive one. 

This untyped calculus has no linear restriction on the use of variables. 
However, such restrictions will appear in the type system. 
The identification of ( 1 1 u ) and ( u \ t ) accounts for the involutivity of 
linear negation. 



Similarly to 22| , the syntax is parametrized by a set of positive instructions 
K.+ (which are considered as values) and a set of negative instructions /C_ . This 
allows us to extend the language at will, in the spirit of Krivine's A c -calculus 



12] 



Remark 2. If we want to make a comparison with Miquel's work [2^, our set 
K.— corresponds to the set of instructions while /C+ corresponds to the set of 
stack constants. 

If £ is a term or a command, FV(x) denotes the set of the free variables of 
x. In the rest of this paper, the sets of closed terms, closed positive terms, closed 
negative terms and closed commands are denoted respectively by T°, 75, 75 
and C. Moreover the set of values is denoted by V. 
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2.2. Reduction 

We now present the operational semantics for the syntax we just defined. 
The set of commands is equipped with the following one-step reduction relations 
and -tp: 

(+) (/xa.c|i_) c[t-/a] 

{-) (V+lfix.c) ->„ c[V+/x] 

(t) ({V}\i*{k}.c) -+p c[V/k] 

((f,v')Im(k,0-c> ->/» c[y/ K) y/ K '] 

(—>p is defined only if the polarities of the k's and the V's match) 

We pose ->o = -tp U ->- M . 
Remarks 3. 

1. The grammar defining the term syntax does not prevent ill- formed com- 
mands to appear. Indeed, consider the command {fj,a.c\{V}). {V} is 
a positive term whereas a is a negative variable. Hence, this command 
won't reduce. The possibility of this kind of ill-formed commands and 
terms will be removed by typing. 

2. Even if the term syntax does not allow directly to form the pair (t, u) or 
the one-tuple {<} when t and u are not values, it is possible to define these 
constructions as follows: 

(t,u) = fj,a.( 1 1 fiK.{ u | ij,k'.( (k, k') I a ) ) ) 
{t} = fJ ,a.(t\fiK.({K}\a)) 

where the polarities of k and k' respectively match those of t and u. In 
the case of the pair, this definition reflects an arbitrary choice in the order 
of evaluation of t and u (here from left to right). 

Definition 4 (Evaluation relation). Similarly to J^, we consider an evalu- 
ation relation to be a binary relation — > between commands such that — 

In the rest paper, — > always denotes such an evaluation relation. 

Remark 5. The fact that — > is not fixed will allow us to consider reduction 
rules when we extend the term syntax with new instructions, without loosing 
the properties and theorems already proved. 

Definition 6. Suppose — > is a binary relation between commands. If c is nor- 
malizing for — > U —tp, then we define Time^(c) as the number of — > steps 
needed by c to normalize using — > and — > fJ- . Otherwise, Time~^(c) is undefined. 
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2.3. Kinds and type constructors 

Here is exposed the language of MALw types. We define two syntactic 
categories: kinds and type constructors (or simply constructors). 

Kinds a, t ::= t | o + | o~ | a — > t 

Constructors A,B,T,U ::= x T | x rJ - | \x T .T \ TU 

| | s | rec r | recjp 
\ A® B \ A 7 )! B \ 3x T .A \ Vx T .A 
\±A\tA 

Kinds are a simple type system for constructors: i is the kind representing 
individuals, a — > r is the kind of functions from a to r, o + is the kind of positive 
formulas and o~ the kind of negative formulas. We denote by n the constructor 
s"0. 

Definition 7 (Involutive negation). The operation (.)- L (called negation) is 
only defined on atomic constructors (variables and recursor rec T ). It is extended 
as an involutive operation on all kinds as follows: 



T = 


o 


o = o T 




t 1 = 


i (a - 


-)• r)- 1 = a - 




all constructors: 








(^) X = 


x T± 


(^ T± ) ± = 




0-L = 





B- 1 = 


s 


(A^.T)- 1 = 


Xx T .{T) 1 - 


(TU) 1 - = 


T^U 


(rec T ) = 


recjr 


(rec^r) 1 - = 


rec T 


(vl^B)- 1 = 


A^^B 1 ^ 


{A^B) 1 - = 


A- L (g>B 


(Va^.A) 1 - = 


3x T .A ± 


{3x T .A) 1 - = 


VxT.A 1 - 


(t^) x = 


IA X 


' = 


tA 1 - 



The operation (.) is involutive: for any constructor T, we have T = T . 

The rules of figure [T] define what it means for a constructor T to be of kind 
t (and we note it T : t). When we write T : o it means that T : o + or T : o~ . 
We say that a constructor T is well-formed if there exists some kind a such that 
T : a holds. 



Property 8. IfT:a then T 1 - : a . 



Finally, we define a relation of convertibility between constructors, noted 
T = T", whose inductive definition is given in Figure [2j Notice that if A and B 
are formulas and A = B then A and B have the same polarity. The presence 
of the dual recursor rec^ and its associated conversion rules are necessary to 
obtain the following property. 



G 





x T 


: t 






(x^ : T X 




T 


: t 




T : 


a — > t U : a 




Xx a .T 


a — > 


r 




TU : t 







: t 






s : i — > b 




rec T 


: t — 


V 


> T 


— y t ) — y i — )■ t 




rec^r 


: r — 


>(l- 


> T 


— \ t) — y i — y t 


A : o 


B : o 


A : 





B 


: o A: o A : o 


A® B 


:o+ 


A 


?$B 


: d~ 


lA:o + t A:o- 


A 


* 

: o * 




,-} 




A:o* 




Vx T .A : o* 






3x T .A : o* 



Figure 1: Typing rules for constructors 



Property 9. IfT and U are constructors such that T = U , then T = U . 

Remark 10. On the formulas constructor (of kind o* for * € {+, — }), the 
negation (.) is the usual involutive negation of linear logic. However, on closed 
individuals, it is simply the identity (modulo =). For example ((Xx L .s x^O)- 1 = 
sO. 

Let us give a few examples of useful constructors we can define. 

• The negation operator on positive formulas can be defined as the con- 
structor Xx° .(x° ) _L : o + — >• o~. Notice that the dual variable (x° )- L is 
bound by the lambda binder Xx°. 

• If we define U = Xz° + .rec z° + (Xx° + .Xy L . | (x° + ) ± ), we have 

UA{sn) KUAn) 1 - 

For example, 

UA5 = Itltl^ 
UA4 VtVtA 
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x T i FV{T) 


{Xx T .T){U)^T{x T :-- 




Xx T .Tx = T 


rec T TUO = T 




rec T 1 U (s n) = U n (rec T 1 U n) 


rec^TUQ S T 1 - 




rec^r TU (s n) = U n (rec T TU n) 




T = T' 




T = T 


T' = T 




± 


T' 
1 


1 1 U U 


Xx T .T = 


Xx T .T' 


TU T'U' 


A = A' 


B^B 


' A = A' B = B' 


A®B = 


A! ®B' 


A^B^A'^B' 


A * 


A' 


A = A' 




3x T A' 


Vx T A S Vx T A' 



Figure 2: Convertibility relation between constructors 



In the rest of the paper, we designate by the letters N, M, . . . negative for- 
mulas and by the letters P,Q, . . . positive formulas. We designate by the letters 
A, B, . . . formulas of any polarity (positive or negative). Negative formulas TV 
are intended to type negative terms (lazy terms), whereas positive formulas P 
will be used to type positive terms (eager terms). The modality t is used to 
turn a positive term into a negative one, that is transforms an eager term into a 
lazy one. -J, does just the contrary, that is turning a negative term into a positive 
one. 

Remark 11. In contrast with [23}, V and 3 do not change the polarity of the 
formula. This choice is made to keep realizers of existential and universal state- 
ments simpler, especially when we will define forcing in section [5j 

2.4- Type system 

The type system MALw relates terms of L/ oc with MALu; formulas. Typ- 
ing contexts (denoted by the symbols: T,r',A,...) are finite sets containing 



elements of the form x : N or a : P. Typing judgments are of the form: 



ht+:P\T or h t_ : iV | T or c : (h T) 

The rules of MALw are described in Figure [3J Notice that in MALw, only 
affine terms are typable. That means that every bound variable n appears at 
most once in the command under the binder. 

Remarks 12. 

1 . We have chosen to have weakening and conversion rules expressed only on 
commands. The reason is that weakening and conversion rules for terms 
are derivable from these two rules, using the cut and activation rules. For 
example, here is the derived rule (=) on terms (the case of weakening is 
similar): 

(Ax) 



\-t:A\T h k : A \ k : A 

! (Cut) 

(t\K) :(\- A,T) A = B 
——— (=) 

(<|«):(I-B,r) 

w 

h (iK.{t\n) : B | T 

2. We can only form pairs of values (V,V). This is reflected in the type 
system by the ((g)) rule that introduces only such pairs. However, we can 
obtain a derived rule for the following definition of (t, t') already presented 
in Subsection 12.21 

(t, t') = na.(t | fj,x.( u | fiy.{ a \ (x, y) ) ) ) 

We just give the partial derivation corresponding to the derived rule, leav- 
ing the easy part to the reader. 



{Cut) 



((x,y)\a) :{hx:A ± ,y:B ± ,a:A(E>B / 

h u : B | A ny.((x,y) \ a) : B 1 - \ x: A- 1 , a : A®B 

- (Cut) 



(u\fj,y.{(x,y) \a)) : (h x : A^,a : A ® B, A) 



(M) 



h t : A | T h fix.(u | (x,y) | a) ) : A x \ A, a : A ® B 

(Cut) 

(t\nx.(u\ny.((x,y)\a))) : (h a : A ® B, T, A) 

W 

h (t, u) : A <8> B | T, A 

The same remark also holds for the construction {t} defined in Subsection 
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I- x : P | x : P 
c : (h a : P, V) 



h [ia.c : P | r 
h t : A I T 



(M+) 



h a : iV | a : N 
c:(\-x:N,T) 



;t|«>: (h r,A) 



h /xx.c : JV | T 

htci 1 | A 

- (Cut) 



V:A\T \-V':B\A c : (\- k : A, k' : B,T) 



h (V,V) : A®B | T,A h/i(/c,(t').c:^ J ?B|r 

; (i) r \ -4 L (t) 



h {V} 4 a | r h /i{«}.c :t a | r 

T : r h t : A\T/x T ] \ T h V : A \ T x does not appear in T 

——— (3) (V) 

ht:3x T .A\T hV:Vx T .A\r 



c:(hK:A,T) A^B c : (h T) 

— — (=) - — — (W) 

c : (h k:B,T) c : (h x : A,T) 



Figure 3: Typing rules of MALw 



2.5. Generalities on Call-by-value and Call-by-name 

In this localising version of MALw, it is possible to encode both call- by- 
name and call-by- value afhne A-calculi, as explained in [23|. Moreover, each 
/3-rcduction step in these calculi induces a constant number of reduction steps 
in the corresponding encoding. 

Call-by-name A-calculus — We consider the call-by-name affine A- 
calculus, that is such that in every term Xx.t, x appears at most once in t. 
We exhibit an encoding of this calculus by giving a typed translation of the 
affine A-calculus in the negative fragment of MALw . The implication — o is 
defined as follows: 

N —o M = N^^ M 



10 



Terms t and stacks ir of the Krivine abstract machine [13[ are encoded respec- 
tively using negative terms \t) and positive terms (tt\, as follows: 

Xa.t- = fj,(a, x) . ( t- | x ) 
u.ir = (u,ir) 

= [ix. (t- | U-.x) 



We can check that these definitions indeed implement Krivine Machine weak 
call-by-name reduction, as shown by the following reduction: 



( (Xa.t)u 1 7T ) = (fj,x.(fj,(a,y).(t\y)\u.x)\n) 
->0 (t[u/a)\ir) 



We see that each /3-reduction step in the weak call-by-name A-calculus cor- 
responds exactly to two — >q reduction steps in this encoding. 

Call-by-value A-calculus — The call-by-value affine A-calculus is ob- 
tained by taking a positive encoding of the implication: 

P^Q = |(P ±J ?Q) 

We define terms and environments using respectively positive and negative 
terms: 

Xx.t + = {fJ-(x, a).(t+ | a)} 
(t+)u+ = [ia.(t + \u + .a) 
u.e = fi{a}.( a \ (u, e) ) 

It can be checked that we retrieve Curien-Herbelin X[iji v calculus Here is 
the typical example of a reduction in the encoded calculus: 

{ m .{{^x,a').{t\a')}\u.a)\E) 
{{»(x,a').(t\a')}\fi{a}.{a\(u,E)}) 
(»(x,a').{t\a')\(u,E)) 

(u\ (J,Ki.(E | /i^2-( ^2) I ^{x, K).{t\n)))) 
(V\ fXK\.{E I /i« 2 -( («1) «&) I Mfo K )-(t \ K )))) 
(E\ /J,K2.((V,K 2 ) I /U(iE, «)•(* K ) ) ) 

((V,f?)|/i(i > /c).(*|/s)> 
<*[V/a;]|S> 



(Xx.t)u\E) 
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Here again, it is clear that to each step in the Curien-Herbelin Xfijl v calculus 
corresponds a constant number of steps in Lj oc . 



3. Quantitative Krivine's realizability 

In this section, we define the quantitative classical realizability for MALcj. 
This construction is a direct extension of Munch's focalised version of Krivine's 
classical realizability [23| and integrates the quantitative aspects of [l8j . In 
(non-quantitative) Krivine's classical realizability, formulas are interpreted as 
sets of terms closed by a notion of biorthogonality, and a realizability relation 
t lh A between terms and formulas is defined. In that setting, t lh A intuitively 
means "t is a term whose computational behavior follows the specification A". 
In our work, we interpret formulas A as sets of pairs (i, p) where t is a term 
and p is an abstract quantity. The realizability relation becomes (t,p) lh A, 
with the informal meaning "t is a term whose computational behavior follows 
the specification A and uses during its execution a quantity of resources bounded 
by p". The presence of this abstract quantity allows us to build a quantita- 
tive extension of the well-known technique of rcducibility candidates, which we 
call quantitative rcducibility candidates. We use these to prove bounded-time 
termination results on typable terms. 

3.1. Quantitative monoid 

We introduce the notion of quantitative monoid, whose elements can be 
thought as resource quantities (like time, space or energy). Quantitative monoids 
are a generalization and a simplification of Dal Lago and Hofmann's resource 
monoids [l8j |. 

Definition 13. A quantitative monoid is a structure (At,+,0, <, ||.||) where: 

• (A4, +, 0, <) is a preordered commutative monoid. 

• ||.|| : At — > N is a function such that: 

- for every p,q <E At, we have ||p|| + < + 

— Morever, ||.|| is compatible with <, that is if p < q then ||p|| < ||g||. 

If moreover, there is an element 1 £ M such that 1 < ||1||, then we say that 
(At, +, 0, 1, <, ||.||) is a quantitative monoid with unit. 

From now on, we will often denote a quantitative monoid by its carrier At 
and we use lower-case consonnes letters p, q,m,v, . . . to denote its elements. 
Moreover, if n G N then we use the notation n.p for p +p -\ h p. 

n times 

Remarks 14. 



12 



1. If wc think of elements p, q £ M. as abstract quantities bounding re- 
spectively the resource consumption of programs t and u, then doing the 
operation p + q can be seen as way to calculate a bound for the resource 
consumption of the process ( t \ u ) resulting of the interaction of these two 
programs. 

2. The intuition behind the anti-triangular inequality, + ||g|| < \\p + q\\ 
is that the amount of resources potentially used by the interaction of two 
programs is more than the sum of the quantities of resources used by the 
two programs alone. 

3. One corollary of the anti-triangular inequality is that j|0|| = 0. Indeed, 

2x||0]] = ]|0|| + ]]0||<||0|| 

Example 15. The structure (N, +, 0, 1, <,x \-t x) where + is the usual addition 
on integers and < is the usual order on N, is a quantitative monoid with unit. 

Remark 16. In any quantitative monoid with unit M we have elements of 
arbitrary big measure, that is for every n £ N, 

n< \\n.l\\ 

It has to be noted that every resource monoid in the sense of [l8| defines a 
quantitative monoid with unit, by choosing |jp|| = V(0,p) where T)(.,.) is the 
distance of the resource monoid. 

3.2. Quantitative pole and orthogonality 

Krivine's classical realizability is a framework parametrized by a set JL of 
commands called the pole. This set can be seen as the set of correct processes, 
that is the notion of correctness we want to study. For example, _IL can be the 
set of normalizing commands. This set then induces a notion of orthogonality, 
which is used to define an interpretation of the type system. 

Similarly, our model of MALw will be parametrized by a structure called 
quantitative pole that we defined now. 

Definition 17. Let M. be a quantitative monoid. We define the notions of 
weighted terms and weighted commands as follows: 

1. A weighted term is a pair {t,p) £ T° x M.. 

2. A weighted command is a pair (c,p) £ C x M.. 

Informally, a weighted command (c, p) carries a quantitative information p 
that is a bound on the amount of resources used by c during its execution. Wc 
also define the notion of quantitative pole, which will be the main parameter of 
our model. 

Definition 18 (Quantitative pole). A quantitative pole is a pair (A4,_IL) 
where: 
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• Ai is a quantitative monoid. 



• _1L C C x Ai is a set of weighted commands. 

When it is clear from the context, we will often refer to a quantitative pole using 
its set JL. 

As we will see, not all quantitative poles yield sound interpretations of 
MALoj . We define a subclass of quantitative poles, the saturated quantita- 
tive poles. 

Definition 19 (Saturated pole). A saturated quantitative pole is a structure 
(M,JL,pp) given by: 

• A quantitative pole (Ai, JL). 

• An element pp of Ai. 

• Moreover JL satisfies the following properties: 

(— >p -saturation) If c -^-p c' and (c 1 ,p) G JL then (c,p + pp) S JL 
(— ^ -saturation) If c — >^ c' then (c',p) G JL (c,p) G JL 
(<-saturation) If p < p' and {c,p) G JL then (c,p r ) G JL. 

Remark 20. The element pp corresponds informally to the cost of a single 
/3-reduction step, as witnessed by the — ^-saturation property. The — Sy steps, 
however, are not considered as a resource cost, since they are mainly adminis- 
trative reductions. 

Example 21. • Suppose P is a non-quantitative saturated pole, i.e a set of 
commands which is closed under anti-evaluation (i.e: c — >-o c' A c' G P => 
c G P). If Ai is a quantitative monoid and pp G A4, then (Ai, P x A^,^) 
is a saturated quantitative pole. 

• An important example is 1-Time the set of bounded time terminating 
processes, namely -Lnme = { (c,p) | Time(c) < ||p|| }. In particular all 
(c,p) G 1-Time are such that c terminates. If Ai has a unit 1, then JL-rime 
provides a saturated quantitative pole by choosing pp = 1. The — >p- 
saturation property relics on the fact that if c^-pc' and (c',p) G JLn me , 
then 

Time(c) = Time(c') + 1 < |H| + 1 < ||p|| + j|l|| < \\p+ 1|| 

Until the rest of this section, we assume a choice of a quantitative pole 
(Ai, X) (which is not necessarily saturated). This quantitative pole JL induces 
a notion of orthogonality between elements of x Ai and 7J° X Ai. 

Definition 22 (Orthogonality). We say that (t + ,p) G 7+ x Ai and (t-,q) G 
71° x A4 are orthogonal and we note: 

(t+,p)±(t-,q) ^ ((t+\t-),p + q)E± 
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This orthogonality relation is lifted as an operation on set of bounded terms. If 
X C 7+ X M., then we define its orthogonal as 

X ± = { (t-,q) |V(t + ,p)el,t + lL } 

In a similar way, if X C 7^ xM, then 

X^ = { (t+.p) | V(L,,)eI,f + lL } 

Remark 23. Informally, the meaning of (t+,p)J-(t,q) is that the interaction 
( t + | f _ } behaves well and uses an amount of resources bounded by p + 

The operation (.) satisfies the usual properties of orthogonality. 

Property 24. //X andY are both subsets ofT+xAi (resp. subsets ofT®xA4) 
then we have: 

• x c x- 11 - 

• ICY implies Y 1 - C X- 1 
. = X x 

Property 25. // (Xi) ieI is a family of subsets of 7+ x M (resp. 71° x M ), 
then the following equalities hold: 

i. (\j ieI x i )±=n ieI x± 

Finally, we define a few notations. Let X E V{T+ x M) U ^(Ti 1 x M). Then: 

x v = in(Vxyw) 

X = { {t,q) \3p<q such that (t,p) £ X } 

Remark 26. If X e P(7? x .M) then Xy = X. Indeed, every negative term 
is also a value. 

3.3. Interpretation of kinds 

Before giving the actual interpretation of kinds and constructors, we define 
two operations on sets of bounded terms. 

X®Y = {{{t,u),p + q)\(t,p)£XA{u,q)eY} 

IX = { ({t},p) | (t,p) e x } 

Suppose V® e V(Jl n V x M). We then define V® as the set { I 1 | X g 
} and we pose D = D®U £> e . 

Definition 27 (Propositional domain). We say that V® is a positive propo- 
sitional domain if it satisfies the following properties: 
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• If (Xi)i £ j is a family of elements of 2?® indexed by /, then [J ieI X, G T>® 
and fl^I.e^. 

• If X,Y G D, then X ® Y G £>®. 

• If X eX>, then i X G £>®. 

Now suppose we have fixed a positive propositional domain 2?®. We begin 
with the interpretation of kinds. If a is a kind we define its interpretation \\cr\\: 

Ikll = n 

||o+|| = V® 
\\o-\\ = V® 



3.4- Interpretation of constructors 

The orthogonality operation defined earlier on set of bounded terms, is 
extended inductively on elements of all kinds. That is, for T being an element 
of ||cr||, we define _L(T, a) as: 

±(X,l) = X 

±(X,o + ) = X x 

±(X x ,o~) = X 

±(X,a^r) = Ye\\a\\^±(X(Y),r) 

Notice that this definition makes sense only because V® is a positive proposi- 
tional domain. Hence we know that any element of 1 1 o 1 1 is the orthogonal of 
an element of ||o + ||. 

Example 28. If X G V® , then _L(X, o + ) coincide with the orthogonal X 1 - of 
X. On the kind o + — > o + , consider for example X n- X G ||o + — > o + \\, we obtain 
±(X ^ X, o+ -> o+) = X X x G ||o+ -> o || , that is the orthogonality 
operator. 

This notion of extended orthogonality is consistent with the syntactic or- 
thogonality on kinds, as witnessed by the following property. 

Property 29. IfT G |H|, then we have -L(T,a) G Her 1 - 1|. 

Proof. It is proved by induction on the kind a, and is a consequence of the 
definition of a x and the fact that 2?® is a propositional domain. 

Given the positive propositional domain, a valuation is a partial function p 
assigning to a variable x a of kind a an element p(x a ) £ ||cr||. We denote by 
p[x a <— w] the valuation obtained from p by (re)binding the variable x a to the 
element v G ||er||. We say that p closes a constructor T if FV(T) C dom(p) and 
we note it p lh T. By extension, we denote by p lh Ti, . . . ,T n Hp closes each 
constructor Tj. A tofaZ valuation is a valuation whose domain is the set of all 
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higher-order variables. If p is a total valuation, then for every constructor T, 
p\VT. 

Given a well-typed constructor T and a valuation p such that p lh T, we 
define the set ||T|| by induction on T: 



Us' 


p 


= P(x) 




, 


= Mp(x),cr) 


\x° .T 


p 


= (ve \\a\\ h+ ||T|| p[ ^]) 


\\TU 




= (rt)l|C/|l P 






110 




= 


, 


IN 


p 


= n I— » n + 1 


\\rec T 


p 


= rec ||7-|| 


|| rec^" 


p 


= _L(reci| T ||, (t — ^ — ^ t — y t) — ^ /, — y t)) 



Concerning constructors A which are formulas, that is of kind o + and o~ , 
the set || A|| is an element of V(7+ x M) U P(T° x Moreover, it contains 
only values: 



II I A 


p 


= IPII P 




||t ^ 


/' 


= up-n 


p)" 


||i4®B 


/< 


= U\\ p ® 


11*11, 




p 


= (ll^llp 


«5 11^11^ 


pa^-P 


/» 


= lU||<r|| 




||Va; CT .iV 


/» 


= (U«e||er| 


ll^llplx^ 


||Vx CT .P 


p 


— Hue er 




pa^-AT 


/' 


= (n«e||o-| 


11^ IU^ 



Finally, for a formula A, we define the set \A\ P as 

\A\ P = \\AWj 1 - 



Remarks 30. 

1. For each well- typed constructor T : a and each valuation p lh T, we have 
ll^llp £ ll "!!- This rely on the fact that V® is a positive prepositional 
domain, and hence is closed under the required operations. 

2. For the negative existential case, we notice that 

\\^ t -n\\ p = { U m P[ ^ v] )^ 

„ G ||t|| 

3. However, for the universal case, the interpretation of Wx T .A is always 

||V^.A|| p = p| \\A\\ p[x ^ v] 

||t|| 
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even if A is negative. We gave different formulations for the negative and 
positive cases in order to show clearly that ||V:r T .iV|| (9 = ||3x T ../V- L || , but 
this remark shows it is not mandatory. 

If T is a closed well- typed constructor, ||T|| and \T\ P are independent of p. 
Hence we will often simply note them respectively ||T|| and \T\. 

Property 31. The interpretation \\.\\ enjoys the following properties. 

1. If T and T' are two well-typed constructors such that T = T' , then for 
every valuation p lh T, T' , we have T = T' then \\T\\ = ||T"|| . 

2. For any constructor T of kind a and p\V T , we have \\T \\ = _L(||T|| , a). 

3. For any well-typed constructors T : r and S : a, any valuation p such that 
p lh S and FV(T) C dom(p) U {x 17 }, we have 

\\n P[x » Hlsv = \\T[s/x°]\\ p 

Proof. 1. This is immediate by induction first on the kind a and on the 
judgment =. 

2. This is proved by induction on the typing judgment of the constructor T. 

3. This is proved by induction on the typing judgment of the constructor T. 

Remark 32. Notice that neither the definition of the interpretation of well- 
typed constructors nor the proof of Property (2D need to suppose that _1L is 
saturated. 

We say that (t,p) realizes a closed formula A and we note (t,p) lh p A iff 
(t,p) £ \\A || . If the choice of p is clear from the context we only note it 
(t,p) lh A. We may sometimes use the notation (t,p) lhji_ A to precise the 
quantitative pole we consider. 

3. 5. Properties of saturated quantitative poles 

Until now, we have considered a quantitative pole which is not necessarily 
saturated. When the pole is saturated, we can derive many properties that 
will be crucial to prove that our model is sound with respect to MALu. In 
this subsection, we suppose that (Ai, JL,^) is a saturated quantitative pole, 
and explore the properties satisfied by the orthogonality operation. The first 
property we prove expresses the fact that a set closed by biorthogonality is also 
<-saturated. 

Property 33. For every X e V(T+ x M) U V(T° x M), we have X C X^. 

PROOF. Let (t,p) e X and q e M such that p < q. If (u,r) E X 1 - then 
(t,p)-L(u, r). By <-saturation of _1L, we have (t, q)J-(u, r). Hence (t, q) 6 X . 

The following lemma proves that we can safely remove or add double or- 
thogonal operators in interpretations of constructors. 
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Lemma 34. Suppose 1,7 6 V(Tf x M)l)V(T° x 7W) and D C p(7^ x X) U 
x M) with D ^ 0. T/ien we /iave i/ie following equalities: 

1. (ji) 11 ^!! 11 ) 11 

3. (nx 6D ^)- LL = n JC6 i J ^- L - L 

Proof. 1. Since X C X^, we immediately have (1 X)^ 1 - C (| A- 1 - 1 )- 1 - 1 . 
Let's prove that (1 X^)- 11 - C (| A)- 1 - 1 . It suffices to show that (1 X)- 1 C 
(| A- 1 - 1 )- 1 . Let (i,q) G (1 X) 1 - and (u,p) G A- 1 - 1 . We want to show that 
((i | {u} },p + q) G JL. Two cases are possible: 

• If u is a value, then by — > M -saturation of JL, it suffices to show that 
((lM.(t\{K})\u),p + q)e±. 

• If u is not a value then ( t \ {u} } — >i ( i | {k} ) | u ) and so by — >i- 
saturation of JL, it suffices to show that (( fj,K.(t \ {k} ) \ u),p+q) G X. 

In both cases it is a consequence of (fin.(t | {k} ),p) S X- 1 - 11 - = X- 1 , which 
is immediate because (t,p) G (J. X) 1 - and by — ^-saturation of JL. 

2. Similarly we only have to prove that (X ® Y) 1 - C (X xx ® F" 1 - 1 -)- 1 -. 
Let G (X ® F)- 1 and ((u,u'),P + p') G (A^ 1 - ® F^). By the 
same argument of — > M and — ^-saturation of JL, it suffices to prove that 
(fiK.{t\ (n,u')),q + p') G X x . To do so lets take (u",p") G X and show 
(( u" | fj,K.( 1 1 (k, ti') } }, q + p' + p") G JL. Again, by — >^ and — ^ satura- 
tion it suffices to show that (fj,K'.{t\ (u",K,')),q+p") G Y x . Again, take 
(u"',p"') G F. We have clearly ((t\(u",u"')),q + p" + p'") G JL since 
(t, q) G (X ® F) . Hence our result. 

3. This is immediate by Property 1251 

4. This is immediate by Property [25] 

Lemma 35. Let A a formula, t a term of the same polarity as A and which 
has exactly one free variable k, q G M. and X a subset of 7+ n V x Ai or of 
7J° X Ai . The following properties are equivalent: 

i) For each {V, q) G X, (c[V/n],p + q) G JL 

ii) For each (V, q) G X xx f] V, (c[V/n},p + q) G JL 

Proof. • (ii) => (i) This is immediate since X C X xx n V. 

• (i) =4> (m) Suppose (i). That means for every (V, q) G X , by — ^„ saturation 
of JL, (( /iK.c | F),p+q) G JL. Hence, (/j,K.c,p) G X 1 - = A ±±J -, so for every 
(V, g) G X xx n V, (( hk.c \V),p + q) G JL and by — > M closure of JL and 
because F is a value, (c[V/k],p + q) G JL. 

Remark 36. This property, which is true for every choice of saturated quan- 
titative pole, will be useful when we will extend our interpretation to stronger 
type systems (that can handle contraction). This lemma requires to work in a 
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calculus where substitution and interaction can be exchanged in the following 
sense: 

(c[t/n],p + q) e JL <^> (((j,K.c\t},p + q) e JL 

In particular, it is impossible to have this property in the framework of the usual 
Krivine's realizability: only head contexts are considered while we need general 
contexts. This justifies the use of a completely symmetric calculus. 

3.6. Adequacy 

Before we can state and prove the soundness of our realizability interpreta- 
tion with respect to MALw, we define what it means for a typing rule to be 
adequate. All the following notions arc defined with respect to some quantitative 
pole JL. 

By abuse, if T = n\ : Ax, . . . , K n : A n is a typing context and p is a valuation, 
we will write p lh V as a notation for p lh Ax, . . . , A n . We will also denote by 
T[p] a pair (T, p) where p lh T. 

Definition 37 (Substitution). A substitution a is a partial application from 
the set of term variables to the set V x A4, whose domain dom{a) is finite. We 
will note \k\ <— (V\,px), . . . , n n <— (V n ,p n )] to denote the substitution a where 
dom(a) = {ki, . . . , n n } and such that cr(ft;) = (Vi,pi). 

Suppose a = [ki <— (Vi,pi), . .. ,K n <— (V n ,p n )] is a substitution. 

• If (c, q) is a bounded command, we note 

(c,q)[a) = (c[Vl/ki, ■ ■ ■ , V n / K n ], q + ^Pi) 

i 

• If (u, q) is a bounded term then we note 

(u,q)[a] = (u[Vi/ Ki, . . . ,V n / K n ], q + ^2pi) 

! 

If a is a substitution, we denote by a[n <— (V,p)] the substitution ob- 
tained from a by rcbinding K to (V,p). If a\ is a subtitution and o~2 = [«i 
(Vi,Pi), . . . , K n <r- (V n ,p n )] is another substitution, we denote by 

<7i,er 2 = (••• (fl[«l «- (Vi,Pl)]) ■ ■ ■ )[« n ^~ (HijPti)] 

Definition 38 (Adequate substitution). Let r = k\ : A\, . . . , n n : A n be a 

context and p lh V. We say that a substitution er is adequate to and we 
note cr lh r[p] iff 

• dom{a) ={«i,..., k„} 

. Viep,n],a( Ki )e|L4^|| p 
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In particular, if T is a typing context and a a substitution adequate to T then 
for every negative (resp. positive) variable k appearing in T, <t(k) G 7+ n V x M 
(resp. x M). Indeed, positive (resp. negative) variables of V are associated 
to negative (resp. positive) formulas. 

Definition 39 (Adequate judgment). Suppose r = Hi : A\, , . , , K n : A n is 

a context and p G M. 

• A judgment of the form c : (h T) is said to be p-adequate iff for every 
total valuation p and for every adequate substitution a lh T[p] we have 
(c,p)[<r] G -1L. 

• Similarly, a judgment of the form h t : B \ T is said to be p-adequate iff 
for every total valuation p and for every adequate substitution a lh (r)[p] 
we have (t,p)[a] G \B\ P . Moreover, if t G V then (t,p)[a] G ||S|| . 

We have now everything we need to define what it means for our interpre- 
tation to be sound with respect to to a given typing rule. A typing rule is given 
by a sequence of premises Ji (which are typing judgments), side-conditions (SC) 
on these judgments, and a conclusion K: 

J\ J2 ■ ■ ■ Jn SC 

(rule) 

K 

Definition 40 (Adequate rule). Suppose R is a typing rule, with Ji, . . . , J„ 
being its premises judgments and K its conclusion. Suppose / : M n — > M is a 
n-ary function on the quantitative monoid. We say that: 

R is f-adequate iff for every pi,...,p n G At, (for all i G Ji is p-- 

adequate) implies that K is f{p\, . . . ,p„)-adequatc. 

Remarks 41. 

1. If a 0-ary rule (like the axiom rule) then the notion of /-adequacy makes 
sense only if / is an element of the quantitative monoid M . 

2. If a typing derivation 7r is built using only adequate rules, then its conclu- 
sion is also p-adequate for some p G M. That p is obtained by composing 
the functions associated to each rule accordingly to the derivation struc- 
ture 7T. 

Wc now prove an adequacy theorem that relates typing in MALw and 
quantitative realizability. Wc suppose having chosen a saturated quantitative 
pole (Ai, JL,pp) and a positive prepositional domain T>® . We first associate to 
each MALw rule R a function M[i?] : Ai — > Ai. We will then show that each 
rule R of MALw is M [inadequate. 



M[Ax+] 


= 


M[Ax-} 


= 




M[/i_] 


= X 1 — ^ X 


M[/i+] 


= x n> x 




M[®] 


= (x,y)h+x + y 


Ml 7 ?} 


= X H- x - 




M[|] 


= x i — y x 


M[f] 


= x i— > x - 




M[3] 


= x i — y x 


M[V] 


= X H- X 




M[^j 


= x i — y x 


M[W] 


= X l-> X 




M[CW] 


= (x,y)h+x + y 
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Theorem 42. Suppose that (M, JL,pp) is a saturated quantitative pole. Every 
rule R o/MALu is M.[R]-adequate. 

Proof. To prove this statement, we just look at each of the MALu rules and 
check that they are adequate. 

• (Ax*) The proof is the same in the positive and negative cases. Let (t,p) G 
\\A XJ -\\ = \\A\\, then («, 0)[k (t,p)] = (t,p) G ||A|| p C JIf p . Hence the 
rule is O-adequate. 

• (Cut) Suppose h t+ : P \ T is p-adequate and h t- : P 1 - | A is (/-adequate. 
Let p h T, A and cr h (r, A)[p]. We can split er = cti,CT2 such that 
CTi lh T[p] and cr 2 lh A[p|. We want to show that ((t + \ t- ),p + q)[(j] G 
JL. For any p' lh P, T,A whose restriction is p (such a p' exists), we 
have (t+,p)[a 1 ] G ||P||^ and (t-,q)[a a ] G ||P X || p , = ||P||J. Hence 
(t + ,p)[<ri]±(t_,g)[<72], and so (( t+ | i_ ),p + g)[cr] G X. 

• (®) We suppose h V : A \ T is p-adequate and h V : P | A is g-adequate. 
Let p lh T, A, 4<g)P and a lh (T, A)[p|. Hence, a can be split into a x lh r[p] 
and (72 lh A[p|. Because p lh T,A and p lh A, B we know by hypothesis that 
(V,p)[o-i\ G P J ^ and (V, q)[a 2 ] G jBf p . Hence ((V, V), (q+q'))[a u a 2 ] G 

||A|| ® ||P|L = 11-4 (8> . Because cr = <7i,<T2, we can conclude that the 
((gi) rule is M[ ® ]-adequate. 

• Suppose c : (h k : A, «/ : P, F) is p-adequate for some p. Let p lh T, A 7 )! 
B and cr lh T[p\. We want to show that (jj,(k, n').c,p + pp)[<r] G \\A ^ B\\ . 

Since \\A^ B\\ p = \\A^ ® B^\\ p by PropertyEU we take (V,q) G \\A^\\ p 
and (V',q') G HP^II^ and show that ((//(«, k').c | (V, V) ),p + pp + q + 
q')[a] G JL. But it is easy to see that cr, k h- (V, g),/t' i-4 (V,c;') lh 
(r, k : A, k! : B)[p]. Hence, because the premise is p-adequate we obtain 
(c[V/k, V'/k'],p + q + q')[o~] G JL. By — ^-saturation of JL, we finally 
obtain (( p(n, n').c \ (V, V) ),p + pp + q + q')[a] G JL. 

• (I) We suppose h V : A | F is p-adequate. Let p lh r,4- A and cr lh T[p]. 
Because p lh T,A we know by hypothesis that (V,p)[cr] G ||A|| . Hence 
({V},q)[a} G 1 m|| = || | A\\ p . We conclude that the (I) rule is M[ i ]- 
adequate. 

• (f) Suppose c : (h n : A, V) is p-adequate for some p G A4. Let p lh T, f 
A and a lh r[p]. We want to show that (p{n}.c,p + pp)[a] G || f A\\ . 

Since || t A\\ p = \\ I A^\\ p by Property Ell we take (V, q) G H^- 1 ^ and 
show that ((p{k}.c\{V}),p + pp + q)[cr] G JL. But it is easy to see that 
cr,K i-> (V, (?) lh (r, k : 4)[p|. Hence, because the premise is p-adequate we 
obtain (c[V/k],p + q)[o~] G JL. By —^-saturation of JL, we finally obtain 
((p{ K }.c\{V}),p + pp + q)[a} G JL. 
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Suppose c : (h a : P, T) is p-adequate for some peW. Let p h P, T 
and (7 Ih r[p]. We want to show that (pa.c,p)[a) E \P\ p = \\P\\ p " L . So wc 
take (w, g) G ||-P|L and want to conclude that (( pa.c \ u ),p + q)[cr] E JL. 

But ||P||^ = \\P ± \\ p by Property EE Hence, a,a^ (u,q) Ih (a : P,T)[p\. 
Since the premise of the rule is p-adequate we conclude that (c[u/a],p + 
q)\<j] E JL. But ( pa.c | u ) — ^ c[u/a] because a and u are negative. Hence, 
by — ^-saturation of JL we obtain (( pa.c \ u),p + q)[a] E JL. 

Suppose c : (h x : N, P) is p-adequate for some p E M.. Let p Ih N, T 
and a Ih T[p}. We want to show that (px.c,p)[cr] E \\N\\ = WN^W . Let 
(u, q) E WN^Wp. It is sufBcient to show that (( p,x.c | u ),p + q)[cr] E JL. 
But it is immediate that a,x i— >■ (u, q) Ih (x : AT, T)[p\. Hence, because the 
premise is p- adequate, we obtain (c[u/x],p + q)[cr] E JL. Since u is a value 
(because (u,q) E \\N || ), by — saturation we obtain ((p,x.c \ u ),p + 
q)[a] E JL. 

(W) Suppose c : (h T) is p-adequate. Let p\\- T 7 A and a Ih (r, ft : A)[p]. 
Then a = a',n \-> (u,q) with a' Ih T[p\. But p Ih T so we conclude that 
(c,p)[a'] E JL. By <-saturation of JL we obtain immediately (c,p)[a] E JL. 

(V T ) Suppose h V : A \ T is p-adequate and x T does not appear free in T. 
We want to show that h V : Vx T .A | V is p-adequate. Let p Ih Vx T .A, T 
and (j Ih T[p]. By Remarks l30l and because V is a value, whatever the 
polarity of A is, we have to show that (V,p)[a] E C\vg\\t\\ \\M P [x^^vy ^° 
let v E \\t\\ and we pose p' = p\x T v]. We have p' Ih {A,T). Moreover, 
a Ih T[p'] because a Ih T[p] and x r docs not appear free in T. Hence by 
hypothesis, (V,p)[cr] E \\A\\ p , xT< _ v i , which permits to conclude. 

(3 T ) Let's first handle the case of values. Suppose h V : A[T/x T ] \ T is 
p-adequate for some T : r. We want to show that h V : 3x T .A \ T is p- 
adequate. Let p be a total valuation and a Ih T[p\. We can suppose that x T 
does not appear in T (if it docs, then we can rename it in 3x T .A). Because 
of p-adequacy of the premise, we have (V,p)[er] E \\A[T/x T ] \\ p . But by 
Property E3 we have \\A[T/x T ]\\ p = \\M p[x ^\\T\\ p Y Hcnce (V,pM e 
IUimi \\M P{X ^ V] C \\3xr.A\\ p . 

(3 T ) We now prove the case where t is not a value (hence, the formula 
is positive). Suppose h t : P[T/x T ] \ T is p-adequate for some T : r. 
We want to show that h t : 3x T .P \ T is p-adequate. Let p be a total 
valuation and a Ih T[p]. We can suppose that x T does not appear in T (if 
it does, then we can rename it in 3x T .P). Because of p-adequacy of the 
premise, we have (t,p)[a) E \\P[T/x T ] |L • But by Property [3TI we have 
WPF/x-]^ = \\P\\^^\n p Y Hence (t,p)[a] E U„ 6 | W | ||P||^^] C 
P^.P||^. 
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If 7r is a typing derivation, we define M[7r] as the element of Ai obtained by 
composing the M[i?] of each rule appearing in tt in the obvious way. Hence, if 
7r is a typing derivation of MALw , then Theorem 03] says that its conclusion 
is M[7r]-adequate. 

Remark 43. To prove the adequacy theorem, we crucially rely on the sat- 
uration properties of JL. This is where we really need to have a saturated 
quantitative pole. 

3. 7. Non quantitative Krivine 's classical realizability 

In a particular case of our general quantitative classical realizability, it is 
possible to validate a contraction rule (hence dropping the linearity constraint) 
and recover the non quantitative version of Krivine's classical realizability [23| , 
which we call simple realizability. It will be used in Section [5] to state the forcing 
decomposition of quantitative realizability. 

Definition 44. We note Aio the only quantitative monoid (without unit) whose 
underlying set is {0} equipped with the usual addition on natural numbers. 

Suppose we have a non quantitative pole JL C C, that is a set of commands 
such that: 

c G JL and c — >q c implies c G JL 
Then we define a quantitative extension of JL: 

JL = { (c,0) |cG JL} 

Property 45. The structure (Aio, -U_q, 0) is a saturated quantitative pole. 

Proof. Aio is clearly a quantitative monoid. Moreover, if c — >o c ' and (c', 0) G 
JLo, we have c 1 G JL hence c G JL. That implies (c, 0) G JLo, which proves both 
the -^/3 and — ^-saturation properties. Finally, the <-saturation is immediate, 
since Aio is a singleton. 

This quantitative pole induces an interpretation function ||.|| and a realiz- 
ability relation . We define the simple realizability relation lh as: 

t \\- p T <S=£> (t,0) lh^ o T 

If we add the following contraction rule to MALw, we obtain a formulation 
of PAcj (higher-order Peano arithmetic): 

c:{\- Ki :A,k 2 :A,T) 

(O ) 

c[k/ Ki, k/ k 2 ] : (h~ K : A,T) 

Although it does not hold in general, when we use JLo and pose M[C] = 
x H» x, the contraction rule is adequate: 

Property 46. The rule C is M[C]- adequate. 
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Proof. Suppose c : (h K\ : A, k 2 : A, T) is O-adequate. Let p \\~ T,A and 
it h (r, k : Then cr = a' , k m- (u,q). Ado is a singleton so c/ = 0. If 

we pose t = cr', k i-4 (u, 0), ft 2 ^ (w, 0) then r lh (r, Ki : A, ■ A)[p]. Hence, 
by adequacy of the premise, (c, 0)[r] G _IL . Since + = 0, we also have 
(c[k/ki, ac//C2],0)[ct] = ( c ?0)[t]. Hence the conclusion is O-adequate. 

Hence, as a corolloary of Theorem 021 and Property 0S1 we recover an ade- 
quacy theorem for PAu; . 

Theorem 47. All rules R o/PAw are ~WL[R]-adequate. 

Remark 48. In the case of the non-quantitative realizability, the notions of 
p-adequatc judgments and /-adequate rules can be simplified. We will say that 
a judgment is adequate if it is O-adequate, and a rule is adequate if it is (x M> .in- 
adequate. 

The following remark show that this version of the contraction rule is not 
x H» ^-adequate in general. 

Remark 49. When considering the general quantitative framework, this ver- 
sion of the contraction rule C is never /-adequate for / = x i— > x as soon as the 
quantitative pole meets the following conditions: 

• The quantitative monoid has a unit 1 (for example the integers monoid) 

• There is a command c such that c : (Kmalu x : X,y : X,T), a valuation 
p lh X, T, a substitution a lh T[p) and such that there is some (u, q) £ p(X) 
such that (c[u/x, u/y],p + q)[cr] £ JL. 

Proof. Suppose the rule C is /-adequate for / = x x. By Theorem [42] 
we know that the judgment c : (Vmalw x : X,y : X,T) is p-adequate for 
some p. Hence, we have (c\u/x, u/y\,p + 2.q)[a] £ A. by p-adcquacy of the 
typing judgment and because a lh T[p}. Moreover, since C is adequate, its 
conclusion must be /(p)-adequate. So we have (c[u/x, u/y],p + q)[&] £ -1L, 
which is contradictory with the assumptions. 

3.8. Quantitative reducibility candidates model 

In this subsection, we build a particular class of quantitative realizability 
models. By applying Theorem l42l on these models, we can prove a linear time 
termination property of MALw programs. Later, this result will be extended 
to more sophisticated systems that also enjoy bounded-time termination prop- 
erties. The construction relies on the definition of a quantitative extension of 
the well-known reducibility candidates (defined by orthogonality, as in [3,01), 
which we call quantitative reducibility candidates. 

In the rest of this subsection, the quantitative monoid and the pole arc such 
that: 
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• The quantitative monoid is any quantitative monoid with unit M = 
(M.+.OJ.H.I). 

• The quantitative pole is the structure (M., JL,pp) generalizing the one 
described in Example |2H 

- JL = { (c,p) | Time^"(c) is defined and Time^ ri (c) < \\p\\ } 

- Pp = 1 

We now use the fact that our syntax can be extended: we suppose that our 
two instruction sets /C + and /C_ contain respectively the constants written 
and These two constants play the same role as free variables in the usual 
rcducibility candidates argument. The only relevant properties of these new 
constants are: 

Property 50. IfV+ G 7+, t- G T_° and*i,* 2 G {*+,*_}, then 

1. (y+|*_)^ 

2. Time^' 3 ((t_ |* + }) < Time^ 8 ((t_ | (*i,* 2 ))) 

3. Time^ 8 ((t_ |*+}) < Time^ 8 (( t_ | {*!} ) 

Proof. All these properties are immediate. 

Definition 51 (Quantitative reducibility candidates). The set of positive 
quantitative reducibility candidates, denoted by 2?® n , is the set of elements X G 
V{Tf n V x M) such that: 

1. (X^) y = X 

2. (*+,0) e X xx 

3. X xx C {(*_,0)} x 

The set 2?® n = { X 1 - \ X 6 T>f an } is the set of negative quantitative reducibility 
candidates. The set of quantitative reducibility candidates T> can is the set T>f an U 
V® 

can 

The following lemmas are used to prove that the set T>f an can be used as a 
positive prepositional domain. We have to check every closure condition of 
Definition [271 

Lemma 52. Whenever X, Y G V can , then X <E)Y € V® an . 

PROOF. • We want to show that (5<+,0) G (X ® Y) ±A -. Let's take some 
(t-,p) 6 (X&Y)- 1 -. By LcmmalMl we have also (t-,p) G {X xx ®Y XX ) X . 
Depending of the polarity of X and Y, we know that G X and 
* 2 G Y X1 - for some *i,* 2 G {*+,*_}. So ((*_ | (*i,* 2 ) ),p) G JL. 
But by Property [50l 

Time^ 8 ((i_ |*+)) < Time^((t_|(*i,* 2 ))) 

< IHI 

we can conclude that (t_,p)_L(* + , 0). So (4< + ,0) G (X ® r) XJ -. 
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• We now need to show that X ® Y C {(►&_, 0)}- 1 . We know that X ® Y 
only contains values, since X, Y £ 2? C ari- But now, it is easy to see that 
if (V+,p) then immediately ( V+ | ) does not reduce for — > 
and so G _1L. 

Lemma 53. Whenever X 6 V can , then (I X)- 11 - G Vf an . 

PROOF. • We want to show that (►&+,()) G (1 X)^. Let's take some 
(t-,p) E (I X)^. By Lemma [Ml we know that (t-,p) G (| X^)^. 
But, depending of the polarity of X, we know that | ^),p) G _IL with 
G In any case, because 

Time^((t_ |*+)) < Time^ 3 (( t_ | {*} )) 

< IN 

, we can conclude that (t_,p)_L(*+, 0). So (*+,0) G (| X) ±± . 

• We now need to show that (4- X)- 11 - C 0)}^. By orthogonality 
properties, it suffices to show that jl C {(►!<_, 0)}^. Since X contains 
only values, so does J. X. But it is immediate that for any (V+,p) Gj, X, 
( V+ | ^_ ) does not reduce for and so (( V + | 6 1 

Lemma 54. Suppose ^ -D C £>© n , t/ien flxen X e P ®a«- 
Proof. Suppose ^ D C Vf an . 

• By hypothesis, for each leflwe have 0) G X . So it is immediate 
that (* + ,0) G f)xen X±± = (C\ X eD X ) ±X h Y Lemma El 

• Because each X G D is such that X C X^ 1 - G {(^_,0)} ± , it is clear 
that C\xeD X — {(^-'0)} (since £> is not empty and contains only 
non-empty sets). 

Lemma 55. Suppose ^ D G Z>® n , t/ien Uxgd ^ e ^n' 
Proof. Suppose ly^DC £>® n . 

• By hypothesis, for each X G D we have (►&+,()) G X^- . Since 13 is not 
empty we have (*+,0) G \Jxen X^ 1 - C (Ux e r> X " L± )" L± - But this is 
equal to (Ujfer> X) ±A - by Lemma [34l 

• Because each X G L> is such that X C X ±A - C {(►&_, 0)}^, it is clear that 

U xeD xc{(*_,o)}^. 

These four lemmas permit us to conclude that if we choose the set Vf an as 
the positive propositional domain, then for each formula A and each valuation 
p lh A, \\A\\ p is a quantitative reducibility candidate. 
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Linear time termination — As an example, we show how to use the 

adequacy theorem on the quantitative reducibility candidates model to prove 
complexity properties of terms typable in MALw . To do this, we need to 
choose a concrete quantitative monoid with unit: we take the natural numbers 
quantitative monoid defined in Example If 51 We obtain the following theorem: 

Theorem 56. If c : (h T), then c normalizes for — »o using at most \c\ ^-p-steps. 

Proof. Suppose that ir is a proof of c : (h «x : A±, ...,«;„ : A n ). We set: 

• The quantitative monoid of integers N. 

• The quantitative pole JLxime- 

Let p be a total valuation such that p{x° + ) = {(^+,0)} G 2?® n (such a valuation 
exists). By Theorem |4"21 we know that for all (Vi,qi) G ||^4-i|L) we have 

(c[Vi/ki, . . . , V n /K n ],M[ir] + G JL 

i 

By LemmaESl for every (W l ,p l ) G \\Ai\\p X n V, 

(c[^ 1 /Ki > ... J Jf n /«„] ) M[7r]+5^p j ) G X 

i 

Since I^^n is a positive propositional domain, we know that (^i,0) € 
jjyljll^"" 1 ", where £ depending of the polarity of Ai. It implies 

that 

(c[*i/«i,..., *„/«;„], M[7r]) G JL 

Hence, 

Time^"(c) = Time-^(c[*i//si,..., *»/«„]) 
< ||M[tt]|| 

But, it is easy to see that M[7r] < |c|. Hence Time _! ' ,3 (c) < |c|. 



4. Extending the model: Soft Affine Logic 

So far, we have only treated the multiplicative fragment of PAw. In this sec- 
tion, we show how to extend the realizability interpretation to more substantial 
fragments. We take the particular example of Soft Affine Logic (augmented with 
higher-order quantifiers and arithmetical operations, and noted SALw ). To do 
this, we need to find a suitable quantitative monoid: this is done by turning 



the soft resource monoid defined in |18l ] into a quantitative monoid. We then 



extend the adequacy theorem and the construction of quantitative reducibility 
candidates to this new system, finally we prove a polynomial bounded-time nor- 
malization property. The same methodology can be applied without any trouble 
to all the systems handled in [l8j |. 
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4-1- Soft affine logic 

Soft affine logic 0, is a simple extension of multiplicative linear logic by 
mean of weak exponentials. It ensures a polystep normalization property of 
programs typable in this system. 

We now suppose that the set ZC + of positive instructions contains a term \V 
for each value V. We also suppose that /C_ contains a term fi\(n).c for each 
command c and variable k. We also suppose that the reduction relation — > 
contains the following binary relation — >r. 

(^.(k).c\IV)^c[V/k] 

Suppose {xi, . . . ,Xk} is a set of positive variables, t is a term and k is a 
fresh variable of the same polarity as t. Then we define respectively a command 
!j Xi Xk yt and a term l{ Xlt ... iXk yt inductively as follows: 

\p = (H\k) 
\ Su{x} t = (iMl(x).m\*) 

l S t = flK.(l K s t) 

For example, with the variables x%, . . . ,Xk, we have 

l -{xi,...,x k }t = (J,K.{fi\(xi).(iJ,\(x2).{. ■ ■ .{It | k) ...)... \ x 2 )\x 1 ) 

Property 57. Suppose x±, . . . ,x^ are positive variables and t is a term whose 
free variables are included in {xi, . . . , x^}. Suppose moreover that ui, . . . ,Uk are 
positive values and V is a closed value of the opposite polarity as t 's polarity. 
Then we have 

{ !{jEi,...,x h }* I V)[lu 1 /x 1 , liik/xk] -> M -^\ k {\t | V)[ui/x 1 , u k /x k ] 

Remark 58. The construction !{ xi ,...,x fe } i s nere to mimic the functorial ! box 
of SAL proofncts. The last property is then the counterpart of the reduction 
resulting of the interaction between several functorial boxes. 

We add two new formula constructors 1A and \A. 

A, B,T,U ::=... \\A\7A 

The formulas \A and 7 A are respectively positive and negative formulas, in 
accordance with the following two new constructor typing rules: 

A: o A: o 



\A : o+ 7 A: o~ 

Typing rules of SALw are then obtained by extending the rules presented 
in Subsection [2] with the following ones: 
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h V : A | Xl : N u ...,x k : N k c : (h K X : A, . . . , K n : A, T) 

H {xi _ Xk] V :IA | Xl :?N u ...,x k :?N k "* h ^.(k).c[k/ Ki , . . . , k/k„] :?A \ T 
Remarks 59. 

1 . The choice of having only negative formulas in the context of the ! rule is 
not restrictive, since we can always use the t rule to obtain such a context. 
But doing so allows not to care about the polarity of variables. 

2. The multiplex rule (M„) and the promotion (!„) rules arc in fact typing 
schemes, that is one rule for each integer n £ N. In the case of the 
promotion rule, this in fact accounts for the fact that functorial promotion 
is a cluster rule consisting of n derelictions and one usual promotion. 

3. Notice that the multipliex rule, in the n = 1 case is exactly what we usually 
call the dereliction rule. One could think that it is possible to decompose 
the multiplex rule in two more elementary rules: the dereliction rule and 
the usual contraction. However, this would lead to typable programs that 
can calculate functions that are not computable in polynomial time. 

If 7r is a typing derivation in SALw , then we define its depth S(ir) as the 
maximum number of nested (!) rules appearing in it. In the rest of this paper, 
we will use the symbol K salw instead of h when we talk about typability in this 
new type system. 

4-2. Soft monoid 

In order to obtain a model where those rules are adequate, we need a richer 
structure than the quantitative monoid. This structure is given by the notion 
of soft exponential. 

Definition 60. Let A4 = (M, +,0,<, ||.||) be a quantitative monoid. Then a 
soft exponential on M. is given by a family (r„)„ e N of elements of Ai and an 
operation ! : M. — > M. that satisfy the following properties: 

• For all p, q G A4, we have \p+\q <\(p + q). 

• For all p e M. and n € N, we have n.p <\p + r n . 

We now give a concrete example of a quantitative monoid with unit and soft 
exponential. This monoid is obtained from the soft resource monoid described 




Definition 61. The soft monoid is the structure A4 S = (M s , + S ,0 S ,1 S , < s 
, ||.|| s ) where 

• M s is the set of pairs (n, /) where n £ N and / £ N[X] is a polynomial 
with integer coefficients. 

• (n, /) + s (m, g) = (max(n, m), / + g) where max(n, m) is the maximum 
of n and m. 
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• O s = (0, x H> 0) and l s = (0, 1). 

• {n, f) < s ("T-,g) iff n < m and Vcc > m,f(x) < g(x) and (5 — f)(x) < 
(.9 — f° r m l£ ^ < y . 

• ||(n,/)||. = /(n). 

Property 62. .M s is a quantitative monoid with unit. 

Proof. • It is clear that (Ai s , + s , S , < s ) is a preordered commutative 
monoid. 

• Let (n, /) and (m,g) be two elements of M s . We have 

|| (n,/) || + UK g) || = f(n)+g(m) 

< f{max{n,m)) + g{max{n,m)) 

= (/ + g)(max(n,m)) 

= || (moa;(n,m),/ + 3) || 

= \\(nj)+.{m,g)\\ 

• Suppose (n, /) < s (m, g). It means that n < m and Vx S N such that x > 
m-if(x) < sO^)- Hence, we have 

||(n,/)||=/(n)</(m)< 5 (m) = ||(m jff )|| 

• Finally 1 is a unit, since ||l|| s = 1. 

We moreover define the operation ! : M s — > M s as !(n, /) = (n, /+) where 
f + (X) — (X + l)f(X). This operation enjoys various properties. 

Property 63. The pair (!, {(n, 0)} n e^) * s a so i^ exponential. 

Proof. Here, we pose p = (n, /) and q = (m,g). 
(i) We have 

l(p+ s q) = (max(n,m),(f + g) + ) 

= (max(n,m), (X + 1)(/ + g)) 

= (max(n,m),{X + l)f + (X + l)g) 

= (max(n,m),f + + g + ) 

= lp+sk 



fii) We have 



k.p = (n,k.f) 

< s (max(n,k),{X + l)f) 

= (max(n, k), f + ) 

= lp+s(k,0) 
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(iii) Immediate. 



Properties (i) and (ii) arc crucial to obtain respectively monoidality of ! and 
the multiplexing rule (hence to prove adequacy). 

4-3. Interpretation of SALcj 

We now extend the realizability interpretation defined on the multiplicative 
fragment to the exponentials. We suppose that: 

• — > is an evaluation relation that contains — >i. 

• Ai is a quantitative monoid with a soft exponential (!, (r n ) n ^). 

• (M, JLjpp) is a quantitative pole which is moreover — >t-saturated: 



As in Subsection 13. 6[ to state the adequacy theorem we need to associate a 
function to the two new rules: 

M[!„] = x H>!x + n.pp 
M[M„] = x^x+p p +r n 

Theorem 64. All rules R o/ SALw are M[i?]- adequate. 

Proof. • For all the multiplicative part, the proof is the same as the one 
of the MALw adequacy theorem. 

• (!): Suppose h V : A \ T is p- adequate. Let p be a total valuation and a lh 
?r[p]. We know that for each Xi : Ni € T, we have a{xi) = (Wi, \qi) where 
(Vi,qi) S ||JV t ^-|| p . If we pose a' = [x 1 <r- (Vi, qi), . . . , x k <- (V k ,q k )}, we 
have clearly a' \\-T[p\. By hypothesis (V,p)[a'} £ \\A\\ . Hence, (V,p)[a'] e 



\\A\\^nV and finally (W^/xu. . . , V k /x k ],l(p + Ql + ■ ■ ■ + q k )) E \\\A\\ p . 



Because ! is a soft exponential on M., and by <-saturation, we obtain 
(WiVt/xt, V k /x k ], \p+l qi + ■■■ +\q k ) S \\\A\\ p . Finally, we know by 
Property 1571 — >p and — ^-saturation that 



For every (c,p) £ JL, if c'— he then (c',p+pp) £ JL 



We introduce a new unary operation ! on sets of bounded terms: 



\X = {(lV,\p)\(y tP )e(X ±± ) v xM} 



and we extend the interpretation of formulas as follows: 



||L4 
\\7A 




{Xl,...,X k 



} F[!Fi/a; 1 ,... J 



Wk/x k ],\p + k.pp+lqi +•••+!%) G \\\A\\ p 
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which can be rewritten as 

(\ {xi ,..., Xk }V,\p + k.p^[a)&fAf p 

Hence HV :\A \ V is ^-adequate and so the rule is {x \->\x + k.pp)- 
adequate. 

• (Mplex n ): Suppose c : (h K[ : A, ...,«„ : A,T) is p-adequate, let p be a 
total valuation and a \Y V. We want to show that 

(p\{K).c[K/Ki,...,K/K n ],p + pp + r n )[<r] G \\1A\\ p = \\lA ± \\^ 

First, notice that if (V, q) £ \\A\\ , if we pose a' = u\k\ <— V, . . . K n <— V] , 
we clearly have a' lh [k\ : A, . . . , n n : A,T)[p\. By p-adequacy of the 
hypothesis, we obtain (c[V/ Kx, . . . , V/ K n ],p + n.q)[a] G JL. 

Now, let (V,q) £ \\AWp 1 - n V. We want to show that 

H\(k).c[k/ki, K/n n ],p + pp)[cr}±(lV, \q) 

which will prove that the conclusion is (p adequate. But we know 

that ( /x!(k).c[k/ki, . . . , k/ n n ] \\V) — »o c[V/ki, . . . , V/ «„]. But by the pre- 
vious point, combined n times with Lemma [35l we obtain 

V(V', q') G X- 1 - 1 , (c[V'/ki, V'/K n ],p + n.q')[a] G JL 

Hence (c[V/ni, . . . , V/K n ],p+n.q) G JL. By <-saturation of JL and because 
! is a soft exponential, we have (c[V/ni, . . . , V/K n ],p+\q + r n ) G JL. By 
—^-saturation wc finally obtain 

(fl\(K).c[K/Ki,...,K/K n ],p+Pi3+r n )[a] G ||?A|[ p 

Remark 65. In this proof, the lemma[35]is crucial to show adequacy of the mul- 
tiplex rule. The situation would be similar for any system containing modality- 
rules that change the whole context. 

4- 4- Polynomial bounded time termination 

We now prove the polynomial bounded time termination of SALw , by ex- 
tending the technique of quantitative reducibility candidates. 

To obtain a bounded normalization theorem, we need to check that the con- 
struction of the quantitative reducibility candidates is still valid. The definitions 
remain the same as those of Subsection 13.81 except for the definition of JL: 

JL = { (c,p) | Time^^^^c) is defined and is bounded by \\p\\ } 

The only new property we need is the following one: 

Lemma 66. If X G V can then \X G T>f an . 
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Proof. Without any loss of generality, let's suppose X is positive. 

• Let (t,p) G (IX^. We have to show that (*+, 0)±(t,p). But we know 
that (*+,0) G X^^. Hence, (!*+,!0) elX. By Property [63l !0 = 0. We 
then have ({t\ !* + ),p + 0)el. But we know that 

Time (_ ^ u_f,) ((* + \t)) < Time ( -^ u - >,) ((!*+ \t)) 

< Ml 

Hence (*+,0) G (IX)^. 

• Let (V,p) G\X, because V is a positive value, it is immediate that ( V | ) 
does not reduce for — > U— h. Hence IX C 0)} 1 - and so (IX)^ 1 - C 
{(*_,0)}^. 

By instantiating the monoid with the soft monoid, we can derive a polystep 
normalization property of terms typable in SALw which extends the linear time 
normalization property of Subsection 13.81 

Theorem 67. There exists a family (Pk)keN of polynomials on N such that if 
it is a proof of\~sALu t : A | , then t normalizes in at most Pg^(\t\) reduction 
steps. 

Proof. The proof consists essentially to remark that in the definition of M[7r], 
the only rule that makes the degree of the polynomial of M[7r] rise is the (!) 
rule. The other rules cause only the linear part of M[7r] to grow. 



5. A forcing decomposition 

In this section, we exhibit a connection between our quantitative extension of 
classical realizability and certain forcing interpretations. We precisely show that 
by composing non-quantitative classical realizability with a notion of forcing for 
MAL, we obtain an instance of quantitative realizability. We finally show that 
quantitative rcducibility candidates are a special case of this construction. We 
proceed with the following methodology: 

1. We define the notion of linear forcing structure, a variation of the notion 
of forcing structure already defined in [3] ■ 

2. We introduce a forcing translation, that is the formalization of a class of 
forcing model of MAL inside MALu . The result is a relation p\\-f A, 
parametrized by a choice of linear forcing structure. 

3. We describe a new machine: the countdown machine. It is based on 
the same term syntax as Ly oc , but with a different notion of command 
and different reduction rules. This machine induces a new class of non- 
quantitative realizability relations for MALw , parametrized by a set JL* 
and denoted t lh* A. 
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4. We show that for a particular instance of linear forcing structure and for 
every choice of JL*, there exists a quantitative pole (in the sense of Section 
[3]) _1L° such that the associated rcalizability relation lh° satisfies for every 
MAL formula A: 

(t,p)\\-°A<=>>t\\-' (pU-fA) 

That means composing and IF* yields a quantitative model of MAL 

5. Finally, we show that quantitative rcducibility candidates of Subsection 
13.81 restricted to MAL , can be seen as the result of such a composition. 

This methodology could be used to study forcing translations of MALw. 
but we believe it is simpler to explain it with MAL. In the last subsection we 
explain how it could be extended to the whole system MALw. 

5.1. Preliminaries 

We define some concepts and notations required to define the forcing trans- 
lation and establish the associated results. 

Multipicative Affine Logic — MAL (Multiplicative Affinc Logic) is 
the affine, second-order fragment of MALw . The following grammar defines 
MAL formulas: 

A,B ::= P\N 

P ::= X | A®B \ I A 
N ::= X 1 - | A^B \ -\ A 

We suppose that to each MAL variable X we associate a MALw variable 
X" . Then any MAL formula A can be seen as a MALw constructor A^ of 
kind o° (with o e {+,—}), defined as follows: 



(AT 


= X° + 




(x^r 


= {x^) 1 - 


(A ig) B) u 


= {A) u ® 


(B) 


(A 2? B) u 


= {Af 2? 


(B) 




= HAY 




(tA) u 


= HAT 





We will abusively use the same notation A for both the MAL formula A 
and its associated MALw constructor (A)". We will also use the notation 
A -o B = A 1 - B, that is the call-by -name linear implication. 

Realizability relations — In the rest of this section, we will manipu- 
late several realizability relations. We will in particular consider a quantitative 
realizability relation (that will be denoted by lh° in further subsections) and a 
simple realizability relation (that will be denoted by lh" ) in the sense of the lh° 
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relation of Subsection 13.71 In both cases, it will be implicit that the interpreta- 
tion of constructors remain the same as the one defined in Section [3j 



Equational implication — To define the formula translation, we follow 
[22j and add a new type constructor to MALw . If A is a formula of kind o + 
(resp. o~), and if T and U are two type constructors of the same kind, then 
we have a new type constructor of kind o + (resp. o~) denoted (T = U)A. 
Its informal meaning is "T = U implies A" . Even if we can define the forcing 
translation without it, it will simplify the proof of the connection lemma. We will 
not add the corresponding typing rules, because we will deal directly with (non 
quantitative) realizability. For any valuation p, the realizability interpretation 
of section [3] is extended to the new formula (T = U)A as follows: 



\(T=V)A\ P = { 



\A\ P if T=U 
1 - else 



5.2. Linear forcing structures 

To compose realizability and forcing, we formalize a forcing interpretation 
inside MALw. We mostly follow Krivine's formulation of forcing [l4, 22 1. We 
begin by giving a linear version of Krivine's forcing structure. 

Definition 68 (Linear forcing structure). A linear forcing structure is given 
by the following components: 

• k, the kind of conditions. 

• C[.] : k — > o°, with o g {+, — } is a positive or negative predicate. 

• : k is a distinguished condition. 

• + : n — > n — > k is a binary operation on conditions, such that for every 
p,q,r : k, the following conversions hold in MALw : 

p + (q + r) = (p + q) + r 

p+q - q+p 

0+p = p 



Example 69. A simple example of linear forcing structure is the integer forcing 
structure, defined as follows: 

• The kind of conditions is the kind i of integers. 

• The predicate is Ax.T : l — > o~ . 

• + is the usual addition on integers defined using rec t . 

• is the constructor : i. 
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Then it is clear that for every integers p,q,r : t, the requested conversions hold 
in MALw . 



Remark 70. What wc note + and is written . and 1 in 

0,0. We choose an 

additive notation instead of a multiplicative one, because we think it better fits 
the quantitative intuition of multiplicative linear logic. It has also the advantage 
of being closer to the symbols used in the definition of quantitative monoids. 

The linear forcing structure is a sharp simplification of the notion of forcing 
structure as defined in [l4| , in particular because we ask k to be a monoid with 
respect to = (that is, at the computational level instead of the provability level). 
This is however sufficient for our purpose. 

Remark 71. Informally, Cfp + g]" 1 " represents a notion of orthogonality between 
p and q, and plays the same role in forcing as the pole _1L in realizability. Observe 
that a linear forcing structure (modulo =) is a multiplicative phase space 0], 
by choosing CI} 1 - as the pole. 

5.3. Formula translation 

We assume having fixed a linear forcing structure on the kind n. We now for- 



malize inside MALu a forcing interpretation of MAL. Following [22| method- 
ology, we associate to each MAL formula A a MALw formula p \\-t A (which is 
read "p forces A"). Because in the rest of this paper all the quantifications are 
made on k, we omit to indicate the kinds on the quantifiers and on the variables 
of kind k. 

Definition 72. Let Z : k — > o° (for o g {+, — }). Then the forcing orthogonal 
of Z is defined as a MALw constructor of kind K — > o~ : 

Z = \r.Vr.Z(r) — ° C[r + r] 

Remarks 73. 

1. The definition of forcing orthogonal is dependent of the choice of the linear 
forcing structure, since it depends of the kind k and the choice of the 
predicate C[.]. 

2. Notice that the polarity of the predicate Z : k — >• o~ does not depend of 
the polarity of the predicate Z: if Z is a positive or negative predicate on 
k, then Z is a negative predicate on n. This is a consequence of our choice 
of a negative encoding of the — o connective. 

We now define the forcing translation. We suppose that we associate to every 
MAL variable X a MALw variable X K ^° + of kind k ->• o+. If A : o° (with 
o e {+,—}) is a MAL formula, we define a MALw constructor A* : k — > o° 
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inductively as follows: 



(X- 1 )* = X K ^° + 

(A<Z>B)* = \r3 Pl 3 P2 .{r = Pl + P2 ){A*( Pl )®B*( P2 )) 

(A^B)* = Xr3 Pl 3 P2 .{r = Pl + P2 ) ((A 1 - )* ( Pl ) i B^* (p 2 )) 

(| A)* = Ar. |A*(r) 

(tA)' = Ar. | (^)*(r) 



Finally, if A is a MAL formula and P : k, we define p\\-f A as a MALw con- 
structor of kind o~ as follows: 

plh/TV = iV*(p) 

Remarks 74. 

1. Informally, A* and p\\~ f A have respectively the same role as the sets \\A\\ 
and \A\ defined in Subsection 13.41 

2. The predicate A* has the same polarity as A. However, the formula p \\-f A 
is always negative, even if A is positive. 

In the formalization of the forcing orthogonal, we use a negative encoding 
of the — o connective: this is an adaptation of the negative forcing translation 



defined in |22|, [14| . We could have defined a positive forcing translation, but 



what really matters is the polarity of C[.]. Whereas in [22J, |14[ C[.} is always 
negative, we allow it to be positive. 

Property 75. 



1. For every negative formula N , we have N*( P ) = N 1 - ( P ). 

2. For every P ositive formula P and every P : k, we have 



plh/P = Xr.irW-fP^ip) 



5.4- The countdown machine 

We now describe a new abstract machine. Because of the mechanism it 
implements, we call it the countdown machine. Although this machine is based 
on the term syntax of L f oc , it has completely different reduction rules and hence 
is not just another extension of Ly oc . We now suppose that the set /C + contains 
new instructions constant n for each n G N. Hence term syntax is augmented 
with primitive integers. We denote by N* the set { n | n £ N }. 

Definition 76. To describe the evaluation in this machine, we need to consider 
two new kinds of commands: 
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1. Negative commands are of the form ( t e | u + ) where t is a positive or neg- 
ative term whereas u + is a positive term. The set of negative commands 
is denoted by C G . 

2. Forcing commands are negative commands of the form ( i e | (u, K) ), where: 

• K G T is a term (either positive or negative). 

• t,u G T arc terms of opposite polarities. 

Such a forcing command will be sometimes noted (t e | u){K}. 

If K G T, t + G 7+ and u~ G are respectively a positive and a negative 
term, we can build from the command ( t + \ u~ } a forcing command noted 

<i+| u -)-{x}H^ e |(^)>. 

Remark 77. The notation t G is just a marker on t to indicate that it is now 
considered as negative. This is due to the formula translation. Indeed, all the 
translated formulas are negative, so even if a term t is positive, its image in the 
machine is negative and can be executed in front of a positive term. 

The reduction relation in this machine is denoted by — and is defined 
between forcing commands by the following rules: 

(c[t-/a])'{n} 
{c[V+/x])'{n} 
(c[Vi/«, %/«'])•{?»} 
(c[V/K])'{n} 



(t-°|( M a.c)){n} ->. 
((nx.cf\V+m 
((^ K ').cf\(V 1 ,V 2 )){n + l} 

(W K }.c) e |{y}){^+T} 

( «')-c) e | (Vi, V a ) >{S> r 

((Ak}-c) & \{v}){0} r 



Remark 78. These rules indeed implement a kind of countdown: each step 
makes the counter decrease, and if the counter equals then any step makes 
the machine diverge. 

In the same spirit of the identification of ( t \ u ) and ( u \ t ), we quotient the 
set of forcing commands by the following a-equi valence: 

(u e \t){K}^(t^\u){K} 

It must be remarked that if c is a command and K £ N*, then c*{K} never 
reduces for — 



Remark 79. In contrast with [22| we don't define any program transformation 
to justify the reduction rules of the machine. The justification of the intro- 
duction of the machine will be given a posteriori, by a specific linear forcing 
structure. 
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5.5. A countdown machine-based realizability model 

We now describe the realizability interpretation that is induced by the count- 
down machine. It is a simple realizability, in the sense that it relates a term t and 
a MALw constructor T. It will be used to state the connection lemma. This 
realizability relation is parametrized by a set JL* of forcing negative commands 
closed under anti -evaluation: 

Vc, c'eC 9 , if c-». c' and c E JL* then c G JL* 

Remark 80. Because of the a-equivalence on forcing commands, the following 
equivalence holds: ( t e | (u, K) ) E JL* <=> ( u e (t, K) ) E JL*. 

We now suppose that such a set JL* is fixed. Based on this set, we want to 
define a simple realizability interpretation. Since JL* is not a set of commands, 
it is impossible to reuse immediately the definitions of Section [3l But we can 
define a new a set JL*o of commands (in the usual sense) out of it: 

JL*o^{ (t + \u-) | (u- e \t+) E JL* } 

Now, suppose we have fixed a propositional domain T>®° and a total valua- 
tion p' . Although JL*o is not closed under anti-evaluation for — >q, and hence is 
not saturated, we can still consider the interpretation it induces. We then obtain 
an interpretation of MALlj constructor. For each constructor T, this interpre- 
tation is denoted ||T||*. , and the associated realizability relation is denoted Ih* . 
In particular we have: 

t Ih* N ^> for every u Ih* N x we have ( t G \ u ) E JL* 

Remarks 81. 

1. If the interpretation of a MALw constructor can still be defined, nei- 
ther the adequacy theorem with respect to MALw nor the properties of 
Subsection 13.51 are valid. 

2. The adequacy result, as stated in Subsection l3.7[ does not hold. However, 
we can and will prove a different adequacy result stated using forcing. 

3. Finally, it has to be noted that if P is a positive formula and t E T is a 
term, then t E \\P\\% implies that t is positive. However, if N is a negative 
formula, t E docs not imply that t is negative, as we will see in 
Subsection 15.71 

While the identification ( t \ u ) = ( u \ t ) is reminiscent of the involutivity 
of the linear negation, the new a-cquivalcnce corresponds to an identification 

between a term of the form X : k — > o~ and its forcing biorthogonal X. Indeed, 

Property 82. Suppose T : k — > o + , then if p : k, the following holds: 
1. t\\-'T(p) implies t\\-'T(p) 
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2. t\\-'T(p) implies t\\- m T(p) 
Proof. 

1. Suppose t\\-*T{p). Then take K G ||C[p + r]||* for some r : k and u G 
||T(r)||*.. Then because T(r) = Vr' .T {r') :L7 $C[r+r'] L , we have ( u G \ (t, K) ) G 
JL*. But, by a-cqui valence, we know that (i e |(it,A)) G JL*. Hence, 
tlh'?(p). 

2. If tH-*T(p), A" G \\C[p + r}\\', u G ||T(r)||*., then by the previous point, 

— • 

u G ||T(r)|| , so (t e | (u,K) } G JL* which concludes. 

Hence, as a corollary we immediately obtain that the two following rules are 
adequate with respect to the ||.||* interpretation: 

I- 1 : T{p) | r h t : Tjp) | r 
h t : T{p) | T I" t: Tip) \ T 

5. 6. A quantitative linear forcing structure 

We now describe a particular linear forcing structure. The relation obtained 
by composition of the forcing translation induced by this structure and the 
realizability based on the countdown machine of Subsection 15.51 will be shown 
in next subsection to coincide with a quantitative realizability relation. The 
structure considered is (t,C[.],+,0) where: 

• The kind of conditions is t, the kind of natural numbers. 

• C[.] is a new predicate of kind l. — > o + . 

• + is the usual addition on natural numbers, defined using rec t : 

. + . = Xp L Xq L .rec L p s q 

• is the corresponding individual. 

Property 83. (i,C[.],+,0) is a linear forcing structure. 

Proof. Associativity, commutativity and neutrality of with respect to + are 
easily checked. As an example, we show the neutrality of 0. We first notice that 
using the rules of Figure [2J + q = rec t s q. But we also have rec L s q = q. 
Hence, by transitivity of = we have + q = q. 

As C[.] is a new (positive) predicate of kind l — > o + , we need to say what its 
realizability interpretation is. For each valuation p* , we pose: 

=peN^{n|p<nArteN} 

Since this function does not depend of the valuation p* , we will not write 
the p" and note it ||C[.]||". 
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Remarks 84. 

1. We will often switch between concrete elements of c and elements of N. 
As already mentioned in Section 1, we will denote n the element of kind 
l corresponding to the integer n G N, which avoids confusion. 

2. For the interpretation to make sense, we need V®* to contain all the sets 
||C[p]||* with p : i. From now on. wc will only consider such D® . 

3. This linear forcing structure can be compared to the quantitative monoid 
of integers described in Example [T5l Indeed, we will se in Subsection 15.81 
that they play the same role. 

4. Similarly, many quantitative monoids can be turned into linear forcing 
structures. For example, suppose that we have extended the language of 
kinds with a product kind kx k' and added the pair (T, U) and projections 
TTi constructors (it is not difficult to see how to extend the realizability 
model to such a framework). Then, the soft monoid can be described as 
a linear forcing structure defined as follows: 

• The kind is k = i x (t — > l) 

• The maximum max of two elements of l is easily defined using rec L , 
and the addition + s of the soft monoid can then be defined using 
max: 

+ s = \x K .\y K Xmax(nix K ,niy K ),\z L .max(Tr2X K, (z),TT 2 y K "{z))) 

• \\C[p]\\' = { n | \\p\\ < n A n G N } where 

||.|| =\x K .(7r 2 x' l )(n 1 x K ) 

5.7. A connection theorem 

In this subsection, the connection between quantitative realizability and forc- 
ing is set out in the form of a connection theorem, which states that the 
composition of the forcing relation induced by the quantitative linear structure 
of Subsection 15.61 and countdown machine based realizability of Subsection 15.51 
yields a quantitative realizability model of MAL. We then use this result to- 
gether with Theorem [55] to obtain an adequacy result for linear forcing. 

Wc suppose having fixed a set JL* which is closed under anti — ^.-evaluation 
and the associated set of commands J_*o. We also suppose having a preposi- 
tional domain X>®* and a total valuation p* . We suppose having fixed a set _IL* 
which is closed under anti -evaluation and the associated set of commands 
JL'o- We also suppose having a prepositional domain T>® and a total valuation 
P'- 

Definition 85. Wc define the following objects: 
. 1L° = { (cp) | VK e \\C[p}W,c®{K} e ±* } 
. p°(X) = {(t,p) I t G p'{X L ^ 0+ ){p) } 
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• (V®)° = { X I 3Y G (pffi*) N such that (t,p) G X t G Y(p) } 

Hence, p° is a valuation, which is not total but defined on all MAL variables. 
Since we are only interested in MAL variables, but need a total one to reuse the 
interpretation defined in Section [3J we will in fact consider a valuation whose 
restriction on MAL variables is p° and identify it with p°. 

Because JL* is closed under anti — > m evaluation, _1L° yields a saturated quan- 
titative pole, as witnessed by the following property. 

Property 86. (N, JL°, 1) is a saturated quantitative pole. 

Proof. Suppose (c',p) G JL° and c — >o c ' ■ Then we want to prove that for any 
K G \\C[p + 1]||", c{K} G JL*. But K = n and p + l<nson = n' + l and 
K = WTT. So c'{rJ~+\)^,c!'^nF} with n 7 G ||C[p]||*, so c"{r7} G JL* and by 
anti-reduction property, we obtain the conclusion. 

Property 87. (2?®)° is a positive propositional domain. 

Proof. It is clear since V®' is itself a positive propositional domain. 

Since _1L° is a quantitative pole, 2?®° is a propositional domain and p° is a 
total valuation, we obtain a quantitative realizability interpretation of MALw, 
as defined in Section [3] We denote this new interpretation ||.||° , and the asso- 
ciated realizability interpretation lh° . 

Remark 88. We now have three different interpretations of MAL formulas A: 

• The quantitative interpretation ||^4[|° , which is a set of bounded terms. 

• The non-quantitative interpretation , which is based on the count- 
down machine and is a set of terms (in fact, bounded terms where the 
bound is an element of the trivial monoid {0}). 

• The forcing interpretation A* (p) , which is a MALw formula. 

All these interpretations are related through the following connection lemma: 

Lemma 89. For every MAL formula C , every positive propositional domain 
T>® and every total valuation p* , we have 

*e||C*( P )||;.^(t,p)e||C||; o 

Proof. The proof is carried out by induction on the formula C. For each case 
we prove directly the equivalence. 

• If C = X, 

te\\x*(p)\\' p . te\\x"° + \\' p .(p) 
tep'(X'^° + )(p) 

(t, P )ep°(x) 

(t, P )G\\x\\; 
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• If c = x ± , 

r±\*, 



P' 



*e||(x-)*( P ) 
^> t€pr.X*(r)^C[p + r]%. 

Vr e N,Vu e p m (X'-+ Q+ )(r),VK G ||C[p + r]||', (< e | («,A)> G JL* 
Vr G N,V(«,r) G p°(.X),VK G ||C[p + r}\\', {t e \ (u,K)) G JL* 
<=> (t,p)ep°(l) 1 

<=► (*,P)G|I^Co 

In the remaining cases, we do not write the valuations p° and p* in the 
interpretations, since they play no role here. 



• If C =1 A, 

te\\lA*(p)W p . i = {t'}andt'G||A*(p)||;. 

* = {*'} and (i',p)G|L4||* 
<=► (t, P )e\\lA\\; o 

• If c =t A, 

te||(tA)*(p)ir 

t€ \\Vx\(lA x )*(x) ^>C[p + x} x \\' 

V<?GN,tG |||(^)*(q)®C[ P + q]|r ± 
^ Vg e N,VA g ||C[p + q]|r, Vu g ||(^)ir(g), (t e | ({u},K) ) 6 iL* 

V(«,g) G ||^||°,VA G ||C[p + q]ir, (t e I ({«}, A') ) G JL* 
<=► V(u,q)E\\A x \\°,(t,p)±°({u},q) 

(t,p) G||t = UA J -\\ oX 

• If C = A ® 5, 

<G |p ®B)*(p)||" 
<S> 3p 1 ,p 2 GN,p=p 1 +p 2 AtG ||A*(pi)ir®||B*(pa)ir 
<S> 3p!,p 2 G N,p= (pi,p 2 ) At = (ii,t 2 ) Ati G ||A*(pi)||' At 2 G ||B*(p a )| 
<S> 3pi,p 2 G N,p={pi,p 2 )At=(t 1 ,t 2 )A(t 1 , Pl ) G A (ta.JJa) G ||-B|| C 
& (t, P ) e\\A®B\\° 

• IfC = A 3 ?B, 

tG||(A=?B)*(p)|r 

o v«i g n(^)*( Pl )ir,v U2 G n(i? ± )*(p 2 )ir,vA'G iic[p+ Pl +p 2 ]ir, 

(t e |(( Ml ,u 2 ),A))GiL- 
<H> VA G ||C[p + Pi + p 2 ]|r, V(ui,pi) G 11^11°, V(u 2 ,p 2 ) G ||B X ||°, 
(t e |(( Ul ,u 2 ),A))GiL- 

& V(«i )P i) G ||A ± ||°V( M2 ,p 2 ) G ||S- L || J (t,p)±((ui J u 2 ) ) pi+P2) 
& (t, P )e\\A^B\\° 



44 



As a corollary of this lemma and of Property [521 we obtain the following 
connection theorem. 

Theorem 90 (Connection theorem). For every MAL formula C and for 
every t G T and p G N, we have 

tlh* (plh/C) (t,p)\\-°C 

Proof. We use the previous theorem. Let's distinguish two cases, depending 
of the polarity of C. 

1. Suppose C = P is positive. Then: 

tlh-Cplh/P) ^ fe||F( P )||* 

<=> t 6 || Vr.(P*(r) -oC[p + r]- L )||* 

4^ VrGN.VwG HP^r)!!*, VA G |C[p + r]||", (i e | (u, A) ) G JL' 

<S> VrGN.VwG ||7^(r) ||", VA G |C[p + r]||", (i e | (u, A) ) G JL' 

Since P is positive, we have (P- 1 )* = P*. Hence: 

VreN.Vue \\P*(t)\\' ,VK G |C[p + r] ||", (i e | (it, A') ) G JL" 
V(u,r) G 11^11°, VAg ||C[p + r]|r,(t e |( u ,A)) GiL* 

But if ( i e | (u, A) ) G JL* and u is a negative term, then it implies that 
t is a positive term. Indeed JL* is a set of forcing negative commands. 
Hence, 

V(«,r) G HP 1 " ||°, VA' G ||C[p + r] II", ( i G | (u, K) ) G JL' 

^ (t,p) G ||P X H 0i 
^ {t,p)\b°P 



2. Suppose C = N is negative. Then A* = (N- 1 )*. We have 
^'(plh/A) <S=^ tG||A^(p)|f 

By Property 1751 we have 

- • 

te WWr&W e IIC^Rp)!!* 

By Property IHU we also have the following equivalence: 
iG||(ATF(p)ir^tG||A*(p)|r 
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Finally, by Lemma [551 we obtain 



te\\N*(p)\\'^(t,p)e\\N\\° 

Since, N is negative, \\N\\° = 11^11°^^ and hence we obtain 
ill-* (pU-fN) (t,p)lr- 7V 

Remarks 91. 

1. This theorem shows that positive terms t can realize (in the sense of the 
||.||* interpretation) a negative formula. Indeed, if P is positive and p£N 
then p\\-f P is always a negative formula, realized by a positive term. 

2. This last theorem show the connection between quantitative linear forc- 
ing and quantitative rcalizability. It says considering this specific linear 
forcing structure inside the countdown realizability model (for any choice 
of a pole) is equivalent to a certain quantitative realizability on MAL. 

3. If we have shown that composing the linear forcing and countdown real- 
izability induces a quantitative rcalizability relation, the converse is not 
true. Indeed, a quantitative realizability relation is not a priori equivalent 
to the composition of a certain forcing and a countdown rcalizability. 

By Property 1551 we know that _1L° is a saturated quantitative pole. Hence, 
Theorem |4"21 is valid. Together with the connection theorem, it can be used to 
obtain an adequacy theorem for linear forcing with respect to MAL, inside the 
realizability model. 

Theorem 92. Suppose A, B\, . . . , B n are MAL formulas. Suppose tt is a proof 
of (h t : A | K± : B\, . . . , K n : B n ). Let ui, . . . ,u n € T and q\, . . . , q n € N such 
that for any i G [l,7i] we have Ui lh* (q^ Ihf Sj). Then if we pose p = M[7r] , we 
have 

t[ui/Ki,. ■ . , u n /K n ] IF* (p + qi H h q„ lh/ A) 

This result justifies a posteriori the introduction of the countdown machine. 

5.8. Forcing and reducibility candidates 

Wc have seen that it is possible to obtain certain instances of the quantitative 
realizability by composing forcing and countdown machine-based realizability. 
We now show an example of such an instance: the quantitative reducibility can- 
didates of Subsection 13.81 restricted to MAL, arise from the composition of our 
quantitative linear forcing of Subsection 15.61 and non quantitative reducibility 
candidates, adapted to the countdown machine. 

We choose a set _li_y,; me of bounded commands, a positive propositional do- 
main 2?® and a total valuation p such that: 

-U-Time = { (c, n) \ c normalizes for — >q using at most n /3-stcps } 
P (X° + ) = {(*+, P )|peN} 
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Those correspond to a particular case of quantitative reducibility candidates 
of Subsection 13.81 Indeed, in the case of the quantitative monoid of integers, 
p(X° ) is a quantitative reducibility candidate. We denote the corresponding 
realizability relation \\~Time- 

On another hand, we can define the (non-quantitative) reducibility candi- 
dates model corresponding to the countdown machine. It is an instance of the 
countdown machine based realizability We choose the following _1L* and the 
valuation p'\ 

JL' = { c E C e | c normalizes for — } 
p'(X^° + )(jp) = {*+} 

It is clear that these definitions correspond to those of Subsection 13.81 where 
the quantitative part has been erased. 

Property 93. 

1. We have l_Time = 

2. For every MAL atom X° + , we have p°{X° + ) = p(X° + ). 
Proof. 

1. If t + and u_ are two terms, then (t+ | U- ) normalizes in a number of — >p- 
steps at most p if and only if for any n £ N greater thanp, ( (u~) B \ (h, t + ) ) 
normalizes for — 

2. This is by definition. 

As an immediate corollary of Property [M] and Lemma IM1 we obtain the 
following decomposition theorem: 

Theorem 94. If A is a MAL formula, then 

(t,n) Ihxime A<=>t\h m (nlh/A) 

5. 9. Remarks 

Let's finish by a few remarks about this forcing decomposition, and the 
choices we have made. 

Exponentials and quantifiers — Although we have only treated MAL 
in this section, we could extend these results to a system with exponentials, like 
SALw . To do so, it suffices to give an interpretation of ! and ?. The definition 
would be: 

(L4)* = \x\Vq.(x=\q)(\(A*(q))) 

(?A)* = \x K .\r.Vq.(r =\q)(\{{A^)* (q)))(x) 

where ! is a term of kind k — > k. Of course, properties of C[.\ with respect to ! 
would be needed. Concerning the quantifiers, if one wants to interpret them, it 
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suffices to follow the construction described in 



22] 



The choice of the machine — In the countdown machine, when the 
counter reaches 0, any /3-step makes it diverge. This is a necessary choice we 
have made in order to obtain Property [231 We could have chosen any other 
behavior without loosing Lemma [Ml and Theorem [Ml In particular, we could 
define a machine that executes programs for a certain number of steps and then 
gives the hand back to a given program. 

Program transformation — In contrast with [22j , we don't justify our 
machine by exhibiting a program transformation. We could give such a trans- 
formation, as it amounts to reveal the term behind the proof of the quantitative 
monoid part of Theorem l42l 

6. Conclusion 

Wc have proposed an abstract quantitative framework, built upon Krivine's 
classical realizability for system Lj oc and the notion of resource monoid de- 
veloped in [l8j ]. As a particular case of our construction, we have defined the 
quantitative rcducibility candidates, which allow us to prove complexity prop- 
erties of typable programs. Inside MALcj, wc then have defined a linear forcing 
interpretation of MAL and an abstract machine that internalizes the computa- 
tional behavior of the programs obtained through a particular instance of this 
forcing. We finally have proved a decomposition theorem which states that 
quantitative rcducibility candidates for MAL can be obtained as the composi- 
tion of ordinary reducibility candidates and linear forcing. 

We plan to explore several research directions. 

Order sensitive realizability — Both classical realizability and quan- 
titative classical realizability are insensitive to order, in the logical sense. In- 
deed, unlike reducibility candidates, these techniques are designed precisely to 
interpret second-order or higher-order logics. In [3(, a resource sensitive realiz- 
ability is defined. One particularity of this realizability is that it cannot be used 
to interpret second-order quantifiers (in the paper, only a linear second-order 
quantifier is interpreted), and thus allows an even finer grained study of the 
complexity properties of programs. This is achevied by using typed abstract 
bounds. It would be interesting to see if this framework and ours can be both 
generalized into a new one: it could lead to a even more precise quantitative 
analysis. Indeed, if we are able to study the complexity due to the presence of 
different exponentials, what about the complexity due to quantifiers? 

Countdown and Implicit Complexity — Several attempts have been 
made to prove fundamental complexity results inside a purely logical frame- 
work. We can for example mention the work of Terui and al. [20( where a 
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link between focalization and space compression theorem is stated. In the 
question is raised of whether it is possible to prove in their setting a hierarchy 
theorem like P C EXP. It is striking that such an elementary complexity result 
cannot be easily proved in a proof theoretic setting. We conjecture that one of 
the main reasons for this apparent difficulty is the lack of expressivity of the 
logics at stake. For example, all known proofs of P C EXP crucially rely on 
defining a Turing machine which executes another Turing machine on a entry 
for a certain number of steps. This kind of feature is not available in a purely 
functional A-calculus: it is not possible to internalize such a A-evaluator inside 
the typed A-calculus. Moreover, adding this feature would rise the problem of 
how to type programs using it. This is exactly the functionality implemented 
by the countdown machine. Using a variant of it, we would be able to execute 
programs for a certain number of steps. Typing those terms can be achieved us- 
ing forcing. It seems to us we could use these facts to prove hierarchy theorems 
in a purely proof theoretic setting. As a first test for this idea, we plan to sec 
whether is possible to prove P C EXP in a a forcing extension of the system 
described in 

Krivine Linear Algebras — We plan to reformulate this framework in 
a more abstract setting, in the spirit of Krivine's realizability algebras [l4[. In 
such a framework, we could express both quantitative realizability and linear 
forcing. We could hopefully prove a general iteration theorem of which our con- 
nection lemma would be a particular case. 

A Logic of forcing — As already noticed, while the identification ( t \ u ) = 
( u 1 1 ) made in L f oc materializes the involutivity of negation, the identification 
(u e \t){K} = (t° \ u){K} accounts for the properties of forcing orthogonal- 
ity. This remark suggests a new logic where forcing orthogonality would be 
primitive, just like negation in linear logic. In such a setting, forcing would be 
easily recovered and dealt directly with. We are currently investigating a logic 
of forcing, which could be used as a type system for a calculus with effects. 

Differential privacy and function sensitivity — Differential privacy 
@ is a quantitative property of randomized functions (typically functions giving 
an answer to user queries on a database) that prevents malicious users to gain 
confidential knowledge from repeated queries. In [2f|, a linear type system that 
ensures differential privacy is proposed. It is based on function sensitivity, a 
measure of how the distance between outputs of a function is related to the 
distance between the respective inputs (this property is similar to Lipschitz 
continuity). We plan to see if the logical relations used in (2(| to prove the 
soundness of their type system can be reformulated in terms of quantitative 
realizability. 
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